[14859] in bugtraq
Re: non-exec stack
daemon@ATHENA.MIT.EDU (Gert Doering)
Wed May 10 20:10:04 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000509211251.C23536@greenie.muc.de>
Date: Tue, 9 May 2000 21:12:51 +0200
Reply-To: Gert Doering <gert@GREENIE.MUC.DE>
From: Gert Doering <gert@GREENIE.MUC.DE>
X-To: Casper Dik <Casper.Dik@HOLLAND.SUN.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200005080806.KAA28141@romulus.Holland.Sun.COM>; from Casper Dik
on Mon, May 08, 2000 at 10:06:04AM +0200
Hi,

On Mon, May 08, 2000 at 10:06:04AM +0200, Casper Dik wrote:
> >Here's an overflow exploit that works on a non-exec stack on x86 boxes.
> >It demonstrates how it is possible to thread together several libc
> >calls. I have not seen any other exploits for x86 that have done this..
>
> Non-executable stacks do not work in Solaris/x86.
>
> It is impossible to give page level protection that prevents
> execution on the x86 architecture.

Hmmm, so how do they do that on Linux? I thought Solar Designer had a
non-exec-stack patch for Linux.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert@greenie.muc.de
fax: +49-89-35655025 gert.doering@physik.tu-muenchen.de