Re: [RFC] prevention of syscalls from writable segments, breaking
Brian Gerst (bgerst@didntduck.org)
Wed, 03 Jan 2001 16:48:23 -0500
Dan Aloni wrote:
>
> It is known that most remote exploits use the fact that stacks are
> executable (in i386, at least).
>
> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to work,
> without breaking anything. It also reports of such calls by using printk.
Do you realise how much overhead you just added to every single
syscall? It won't work anyways, for the same reasons every other
non-exec stack patch has been rejected - exploits exist that don't write
any code to the stack, you just need two pointers.
--
Brian Gerst
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/