Bugtraq mailing list archives
Reply: Re: non-exec stac
From: zhaoqian () JADEBIRD PKU EDU CN (ZhaoQian)
Date: Thu, 11 May 2000 08:59:00 +0800
Hi,

On Mon, May 08, 2000 at 10:06:04AM +0200, Casper Dik wrote:

Here's an overflow exploit that works on a non-exec stack on x86 boxes. It demonstrates how it is possible to thread together several libc calls. I have not seen any other exploits for x86 that have done this..

Non-executable stacks do not work in Solaris/x86. It is impossible to give page level protection that prevents execution on the x86 architecture.

Hmmm, so how do they do that on Linux? I thought Solar Designer had a non-exec-stack patch for Linux.

Yes, but I don't think you can "mprotect" that stack back page by page to allow execute permission.

Casper

Solar Designer uses a segment protection mechanism to implement "hardware protect", but BSS/heap overflows also work on those boxes.