[14839] in bugtraq

Re: non-exec stack

daemon@ATHENA.MIT.EDU (Casper Dik)
Mon May 8 15:43:18 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <200005080806.KAA28141@romulus.Holland.Sun.COM>
Date:         Mon, 8 May 2000 10:06:04 +0200
Reply-To: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>
From: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>
X-To:         Tim Newsham <newsham@LAVA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Sat, 06 May 2000 17:06:28 -1000." 
              <m12oHOm-000W7JC@malasada.lava.net>

>Here's an overflow exploit that works on a non-exec stack on x86 boxes.
>It demonstrates how it is possible to thread together several libc
>calls.  I have not seen any other exploits for x86 that have done this..


Non-executable stacks do not work in Solaris/x86.

It is impossible to give page level protection that prevents
execution on the x86 architecture.



Casper
