Re: [Announcement] "Exec Shield", new Linux security feature

Davide Libenzi (davidel@xmailserver.org)
Fri, 2 May 2003 11:29:11 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kevin Corry: "Re: is there small mistake in lib/vsprintf.c of kernel 2.4.20 ?"
Previous message: Daniele Bellucci: "FIX 2.4.20-2.4.21-rc1: comp. problems in find_task_by_pid, sys_capget, sys_ptrace, sys_tkill.."

On Fri, 2 May 2003, Florian Weimer wrote:

> Davide Libenzi <davidel@xmailserver.org> writes:
>
> > Ingo, do you want protection against shell code injection ? Have the
> > kernel to assign random stack addresses to processes and they won't be
> > able to guess the stack pointer to place the jump.
>
> If your software is broken enough to have buffer overflow bugs, it's
> not entirely unlikely that it leaks the stack address as well (IIRC,
> BIND 8 did).

Leaking the stack address is not a problem in this case, since the next
run will be very->very->very likely different.

- Davide

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kevin Corry: "Re: is there small mistake in lib/vsprintf.c of kernel 2.4.20 ?"
Previous message: Daniele Bellucci: "FIX 2.4.20-2.4.21-rc1: comp. problems in find_task_by_pid, sys_capget, sys_ptrace, sys_tkill.."