Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

»Ø¸´: Re: non-exec stac

From: zhaoqian () JADEBIRD PKU EDU CN (ZhaoQian)
Date: Thu, 11 May 2000 08:59:00 +0800


Hi,

On Mon, May 08, 2000 at 10:06:04AM +0200, Casper Dik wrote:

Here's an overflow exploit that works on a non-exec stack on x86 boxes.
It demonstrates how it is possible to thread together several libc
calls.  I have not seen any other exploits for x86 that have done

this..


Non-executable stacks do not work in Solaris/x86.

It is impossible to give page level protection that prevents
execution on the x86 architecture.


Hmmm, so how do they do that on Linux?  I thought Solar Designer had a
non-exec-stack patch for Linux.



Yes, but I don't think you can "mprotect" that stack back page by
page to allow execute permission.

Casper


Solar Designer use segment protect mechanism to implement "hardware
protect",
but BSS/Heap overflow also works on those boxes.
Previous By Date Next
Previous By Thread Next

Current thread: