Re: [RFC] prevention of syscalls from writable segments, breaking

Brian Gerst (bgerst@didntduck.org)
Wed, 03 Jan 2001 16:48:23 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Graham Murray: "2.4.0-prelease freezes on serial event"
Previous message: Chris Wedgwood: "Re: [PATCH] filemap_fdatasync & related changes"

Dan Aloni wrote:
>
> It is known that most remote exploits use the fact that stacks are
> executable (in i386, at least).
>
> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to work,
> without breaking anything. It also reports of such calls by using printk.

Do you realise how much overhead you just added to every single
syscall? It won't work anyways, for the same reasons every other
non-exec stack patch has been rejected - exploits exist that don't write
any code to the stack, you just need two pointers.

Brian Gerst - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

Next message: Graham Murray: "2.4.0-prelease freezes on serial event"
Previous message: Chris Wedgwood: "Re: [PATCH] filemap_fdatasync & related changes"