Re: Unexecutable Stack / Buffer Overflow Exploits...

Anton Ivanov (aivanov@eu.level3.net)
Wed, 05 Jan 2000 11:08:26 -0000 (GMT)


-----BEGIN PGP SIGNED MESSAGE-----

>
> Why not map _everything_ mapped to address containing 0x00? It
> probably is not trivial (You may not put it on 00XXXXXX, it would be
> useless because we are little-endian. Putting .text on XX00XXXX is
> probably non-trivial but doable...) It is definitely doable on 64bit
> systems.
> Pavel
> PS: If even stack is put on place with zero in address, is not that
> enough to stop all exploits even without non-executable stack?

Not return from libc; you have to map both libs and stack to a 0x00-containing
address in order to defend from both the blunt and the sharp instruments ;-)

Yes, it will stop all but overrun after decode exploits (like some of the
exploits for sendmail 8.(7,8).x and imapd).

I think that maybe the quickest thing to implement will be the random stack
start suggested by tytso. I already reposted it to debian-security.

Brgds,

- ----------------------------------
Anton R. Ivanov
IP Engineer Level3 Communications
RIPE: ARI2-RIPE E-Mail: Anton Ivanov <aivanov@eu.level3.net>
@*** Herblock's Law ***
If it's good they'll stop making it.

- ----------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
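
Added example, not part of the original message: a small C model of why a 0x00 byte inside a code or stack address blocks a string-copy overrun from writing that address, and why 00XXXXXX does not help on a little-endian machine. It assumes a 32-bit little-endian slot and a strcpy()-style copy that lands exactly on the slot; the addresses and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Little-endian byte image of a 32-bit address, as it sits in memory. */
static void le32(uint32_t addr, unsigned char out[4]) {
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(addr >> (8 * i));
}

/* Model a strcpy()-style overrun landing on a 4-byte slot holding `original`.
 * Bytes of `wanted` are copied up to its first 0x00 byte, then the string
 * terminator is stored if it still falls inside the slot.
 * Returns the value the slot holds afterwards. */
uint32_t slot_after_string_copy(uint32_t original, uint32_t wanted) {
    unsigned char slot[4], src[4];
    int i = 0;
    le32(original, slot);
    le32(wanted, src);
    while (i < 4 && src[i] != 0) {
        slot[i] = src[i];
        i++;
    }
    if (i < 4)
        slot[i] = 0;               /* terminating NUL written by the copy */
    return (uint32_t)slot[0] | (uint32_t)slot[1] << 8 |
           (uint32_t)slot[2] << 16 | (uint32_t)slot[3] << 24;
}

/* 1 if the string copy leaves exactly `wanted` in the slot, else 0. */
int string_copy_can_place(uint32_t original, uint32_t wanted) {
    return slot_after_string_copy(original, wanted) == wanted;
}

int main(void) {
    const uint32_t saved = 0xbffff6a4u;   /* constructed original slot value */
    const uint32_t targets[] = {          /* constructed mapping layouts */
        0x40012345u,  /* no zero byte: unprotected                        */
        0x00123456u,  /* 00XXXXXX: the terminator supplies the top byte   */
        0x12003456u,  /* XX00XXXX: copy stops before the top byte         */
        0x12345600u,  /* XXXXXX00: copy stops at the very first byte      */
    };
    for (unsigned i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("wanted %08x -> slot %08x (%s)\n", (unsigned)targets[i],
               (unsigned)slot_after_string_copy(saved, targets[i]),
               string_copy_can_place(saved, targets[i]) ? "written intact"
                                                        : "blocked");
    return 0;
}
```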