Re: Unexecutable Stack / Buffer Overflow Exploits...

Matija Nalis (mnalis@jagor.srce.hr)
4 Jan 2000 18:26:01 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Robert A. Hayden: "Re: First draft list of 2.3.x "Things to fix""
Previous message: Alan Cox: "Re: First draft list of 2.3.x "Things to fix""

On 4 Jan 2000 18:14:49 +0100, Gregory Maxwell <greg@linuxpower.cx> wrote:
>On 2 Jan 2000, Matija Nalis wrote:
>> It *IS* an option. You need to apply an patch to enable that option. Since
>> you are skilled sysadmin, you know how to do that. Most newbie-users for
>
>I see the big benifit from putting it in the Linus Linux kernel is that
>the zillion *users* out there will get protection from buffer overflows in
>gigantic userspace apps like Netscape.

I do not. As soon as it is in Linus Linux kernel, it is mainstream. As soon
as it is mainstream, most cracks will include this fact and target against
non-exec stack feature. So soon, no expoloits will be against executable
stack but against non-exec stack (since they get bigger hit that way, and it
is no more diffucult to code), and you will have an ugly and completely
useless kludge (one which makes problems with some perfectly valid userspace
code, BTW) in kernel.

Eg. it gives you (some) additional security ONLY as long as it is NOT in
mainstream kernel. Same kind of security as moving from i386 to Sparc
arhitecture, for example. I use 'better security' in sense 'smaller number
of successful attacks by random script kiddies' here, BTW.

-- Opinions above are GNU-copylefted.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Robert A. Hayden: "Re: First draft list of 2.3.x "Things to fix""
Previous message: Alan Cox: "Re: First draft list of 2.3.x "Things to fix""