Re: Buffer overflow prevention

[Mariusz Woloszyn <emsi () ipartners pl>]

On Mon, 18 Aug 2003 pageexec () freemail hu wrote:

> > Anyways, on an i386 you can do W^X somewhat.  Not as perfectly as you
> > can on cpus that have a per-page X bit...
>
> You are wrong again, PaX provides perfect per-page non-executable pages
> using segmentation (SEGMEXEC), there are no restrictions on the ordering
> of data/code pages like in OpenBSD.
BTW: have anyone tried to talk wih Linus about implementing some PaX (or
even GR) functionality in official Kernels?
I know that the argument for not implementing Solar Designer's
nonexecutable stack patch in official kernel was that it is easily
bypassable, so what about PaX???

I hate seeing GOT and other segments rwx nowdays (while it's marked as r-x
it IS executable).

-- 
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners