Bugtraq mailing list archives

Re: non-exec stack


From: neldredge () HMC EDU (Nate Eldredge)
Date: Wed, 10 May 2000 17:20:35 -0700


Gert Doering writes:
> Hi,
>
> On Mon, May 08, 2000 at 10:06:04AM +0200, Casper Dik wrote:
> > > Here's an overflow exploit that works on a non-exec stack on x86 boxes.
> > > It demonstrates how it is possible to thread together several libc
> > > calls.  I have not seen any other exploits for x86 that have done this..
> >
> > Non-executable stacks do not work in Solaris/x86.
> >
> > It is impossible to give page level protection that prevents
> > execution on the x86 architecture.
>
> Hmmm, so how do they do that on Linux?  I thought Solar Designer had a
> non-exec-stack patch for Linux.

Presumably you could map the code segment so as to exclude the stack.
Then, since a user-mode program cannot change the segmentation without
kernel assistance, the stack would then not be executable.

--

Nate Eldredge
neldredge () hmc edu
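
Added example, not part of the message above or of any patch mentioned in the thread: a small C decoder for an 8-byte x86 segment descriptor, showing how a code segment whose limit ends below the stack rejects instruction fetches from it. The two descriptors and both addresses are constructed sample values (a flat 4 GiB user CS, a CS limited to 0xBF7FFFFF, and a stack page assumed to sit just under 3 GiB).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values, not taken from any real kernel or patch. */
#define FLAT_CS     0x00CFFA000000FFFFULL  /* base 0, limit 0xFFFFF pages, DPL 3 code */
#define LIMITED_CS  0x00CBFA000000F7FFULL  /* base 0, limit 0xBF7FF pages, DPL 3 code */
#define TEXT_ADDR   0x08048000u            /* assumed program text address */
#define STACK_ADDR  0xBFFFF000u            /* assumed stack page near the 3 GiB mark */

/* Decoded fields of a protected-mode segment descriptor. */
struct seg { uint32_t base, limit; int present, code; };

static struct seg decode(uint64_t d) {
    struct seg s;
    /* The 20-bit limit is split: bits 0-15 and bits 48-51. */
    uint32_t raw = (uint32_t)(d & 0xFFFF) | ((uint32_t)((d >> 48) & 0xF) << 16);
    /* The 32-bit base is split: bits 16-39 and bits 56-63. */
    s.base = (uint32_t)((d >> 16) & 0xFFFFFF) | ((uint32_t)((d >> 56) & 0xFF) << 24);
    /* G bit (55) set means the limit counts 4 KiB pages, low 12 bits all ones. */
    s.limit = ((d >> 55) & 1) ? ((raw << 12) | 0xFFF) : raw;
    s.present = (int)((d >> 47) & 1);
    /* S=1 (bit 44) with type bit 3 (bit 43) set marks a code segment. */
    s.code = ((d >> 44) & 1) && ((d >> 43) & 1);
    return s;
}

/* Would an instruction fetch through this CS be allowed at linear address addr?
   Only the segment limit check is modelled; paging is ignored. */
static int can_fetch(uint64_t cs_desc, uint32_t addr) {
    struct seg s = decode(cs_desc);
    if (!s.present || !s.code || addr < s.base)
        return 0;
    return (addr - s.base) <= s.limit;   /* the offset must not exceed the limit */
}

int main(void) {
    printf("flat CS:    text=%d stack=%d\n",
           can_fetch(FLAT_CS, TEXT_ADDR), can_fetch(FLAT_CS, STACK_ADDR));
    printf("limited CS: text=%d stack=%d (limit 0x%08X)\n",
           can_fetch(LIMITED_CS, TEXT_ADDR), can_fetch(LIMITED_CS, STACK_ADDR),
           (unsigned)decode(LIMITED_CS).limit);
    return 0;
}
```

The limit applies only to instruction fetches through CS; the stack stays readable and writable through the flat data and stack segments. It also does nothing against the chained libc calls quoted at the top of the thread, since that code already lies inside the code segment.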


