Vulnerability Development mailing list archives

non-executable stacks


From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Sun, 14 Nov 2004 21:33:45 +0000

Hey folks,

I'm sorry if this question was asked before in this mailing list, but
I couldn't find useful information about it everywhere else.

Currently, I'm working on Linux 2.6.9-1.667 under Fedora Core 3, and
the way to trigger on/off the stack protection is by setting/unsetting
"/proc/sys/kernel/exec-shield".

Q: Is it possible to change the value of that variable during the
course of executing a process, and therefore you'd have the stack as
an executable one? (Now, I'm assuming that process has unlimited
privileges).

The problem is in order to change that value, we need to overwrite the
EIP with our variable modifier! Then, we can lay back and have the
stack wide open.

It goes like a cycle of dependencies ...

Any ideas? Workarounds?

g.

"Our care should not be to have lived long as to have lived enough.",
Seneca
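A defender's counterpart to the question above, added here as an example and not part of the original post: rather than toggling the protection, audit whether it is actually in effect for a running process. The script reads the `/proc/sys/kernel/exec-shield` sysctl named in the post (returning `None` on kernels that do not have it) and parses `/proc/<pid>/maps` to report whether the `[stack]` mapping carries the execute bit and whether any mapping is both writable and executable. The two `maps` samples embedded below are constructed for illustration; the mapping-line layout itself is the kernel's documented format.

```python
"""Audit whether a process's stack (or any mapping) is executable.

Added example, not code from the original post. It parses the
/proc/<pid>/maps format (address range, perms, offset, dev, inode, path)
and reads /proc/sys/kernel/exec-shield where that sysctl exists. On
kernels without exec-shield the sysctl lookup returns None.
"""
import re

# Constructed sample of /proc/<pid>/maps output in which the stack is
# mapped "rwxp", i.e. executable: the condition this audit flags.
SAMPLE_MAPS_EXEC_STACK = """\
08048000-0804c000 r-xp 00000000 03:02 123456 /home/user/a.out
0804c000-0804d000 rw-p 00003000 03:02 123456 /home/user/a.out
b7e00000-b7f40000 r-xp 00000000 03:02 654321 /lib/libc.so.6
bffeb000-c0000000 rwxp 00000000 00:00 0 [stack]
"""

# Same constructed layout with a non-executable ("rw-p") stack.
SAMPLE_MAPS_NX_STACK = SAMPLE_MAPS_EXEC_STACK.replace(
    "rwxp 00000000 00:00 0 [stack]", "rw-p 00000000 00:00 0 [stack]"
)

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$"
)


def parse_maps(text):
    """Yield (start, end, perms, path) for each mapping line in maps text."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if m:
            yield (int(m.group(1), 16), int(m.group(2), 16),
                   m.group(3), m.group(4).strip())


def writable_executable_mappings(text):
    """Return mappings that are both writable and executable (W^X violations)."""
    return [(s, e, p, path) for s, e, p, path in parse_maps(text)
            if "w" in p and "x" in p]


def stack_is_executable(text):
    """True if the [stack] mapping carries the execute bit."""
    for _, _, perms, path in parse_maps(text):
        if path == "[stack]":
            return "x" in perms
    raise ValueError("no [stack] mapping found")


def exec_shield_setting(path="/proc/sys/kernel/exec-shield"):
    """Return the exec-shield sysctl value, or None if this kernel lacks it."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (FileNotFoundError, PermissionError, ValueError):
        return None


def audit_pid(pid):
    """Audit a live process by reading its /proc/<pid>/maps."""
    with open(f"/proc/{pid}/maps") as f:
        text = f.read()
    return {
        "stack_executable": stack_is_executable(text),
        "wx_mappings": writable_executable_mappings(text),
    }


if __name__ == "__main__":
    import os
    print("exec-shield sysctl:", exec_shield_setting())
    print("this process:", audit_pid(os.getpid()))
```

Run it on a Linux host to audit the interpreter itself, or call `audit_pid()` with another PID you are permitted to inspect; an executable `[stack]` or any `rwx` mapping in the report is the finding worth investigating.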

