Re: [RFC] prevention of syscalls from writable segments, breaking bug

Alan Cox (alan@lxorguk.ukuu.org.uk)
Wed, 3 Jan 2001 23:02:12 +0000 (GMT)


> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to work,
> without breaking anything. It also reports of such calls by using printk.

And I swap the int80 for a jmp to an int80 at a predictable location in ld.so.

If you are going to do stack tricks then look at Solar Designer's patches; he
has at least worked through the issues and even thought about using null bytes
in jump targets for libraries to stop some operations (string stuff).