Date: Thu, 12 Jul 2001 17:45:16 -0700 (PDT) From: Ed Alley <alley1@llnl.gov> To: <freebsd-security@freebsd.org> Cc: <solwar@email.si>, <ml@db.nexgen.com> Subject: Re: non-exec stack Message-ID: <20010712174243.R39680-100000@jordan.llnl.gov>
next in thread | raw e-mail | index | archive | help
I noticed the following comments in security-digest. My appologies for jumping into the middle of the conversation. ------ >- ----- Original Message ----- >From: "solwar" <solwar@email.si> >To: "alexus" <ml@db.nexgen.com> >Cc: <freebsd-security@FreeBSD.ORG> >Sent: Sunday, July 08, 2001 9:07 PM >Subject: Re: non-exec stack >> Most buffer overflow exploits are based on overwriting a function's return >> address on the stack to point to some arbitrary code, which is also put >> onto the stack. If the stack area is non-executable, buffer overflow >> vulnerabilities become harder to exploit. ------ My comment on the above is: Making the stack non-executable is not the answer because among other things it would disable signal trampoline code. Even disallowing and exec is not the answer because one could transfer back into the text area to get at the int 0x80. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010712174243.R39680-100000>