Re: [RFC] prevention of syscalls from writable segments, breaking bug

Alan Cox (alan@lxorguk.ukuu.org.uk)
Wed, 3 Jan 2001 23:02:12 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alexander Viro: "Re: [RFC] prevention of syscalls from writable segments, breaking"
Previous message: Rik van Riel: "LVM 0.9 vgscan problem"
Next in thread: Richard A Nelson: "2.2.19pre6 maestro3 driver requires ac97_codec (but doesn't claim"
Reply: Richard A Nelson: "2.2.19pre6 maestro3 driver requires ac97_codec (but doesn't claim"

> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to work,
> without breaking anything. It also reports of such calls by using printk.

And I swap the int80 for a jmp to an int80 at a predictable location in ld.so

If you are going to do stack tricks then look at Solar Designers patches, he
has at least worked through the issues and even thought about using null bytes
in jump targets for libraries to stop some operations (string stuff)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexander Viro: "Re: [RFC] prevention of syscalls from writable segments, breaking"
Previous message: Rik van Riel: "LVM 0.9 vgscan problem"
Next in thread: Richard A Nelson: "2.2.19pre6 maestro3 driver requires ac97_codec (but doesn't claim"
Reply: Richard A Nelson: "2.2.19pre6 maestro3 driver requires ac97_codec (but doesn't claim"