[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (no subject)
Eli Marmor <marmor@elmar.co.il> wrote:
>
> Before you argue, let me say that by writing "general" I didn't mean
> that the kernel-based solutions *solve* the problem; You still can
> garbage the stack, but you can't execute it, so in the worst case,
> the victim process will fail, but no *real* damage will be caused to
> the system. What I meant was that it doesn't protect only specific
> functions, but ANY function.
>
> Linus and Alan Cox claim that preventing the stack from being
> executed is not a real solution but only a workaround, so they don't
> agree to insert it into the standard kernel. This is also why most of
> the distributions (I think except for Mandrake in its highest
> security level and Definite-Linux, as well as some security-focused
> distros) don't include the kernel-based solutions, but plan to
> include Lucent's solution.
>
I refer you to the following article posted to bugtraq 2 years ago
"Defeating Solar Designer non-executable stack patch"
http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-02-1&msg=199801301709.SAA12206@galera.icm.edu.pl
and also the "No-Exec Stack Smashing 101" thread posted last week
to vuln-dev@securityfocus.com. http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-04-15&msg=Pine.LNX.4.21.0004191559580.12129-100000@enki.corp.icopyright.com
Very interesting staff.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il