Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

Pavel Machek (pavel@suse.cz)
Wed, 3 Jan 2001 23:30:52 +0100


Hi!

> It is known that most remote exploits use the fact that stacks are
> executable (in i386, at least).
>
> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to work,
> without breaking anything. It also reports such calls by using
> printk.

Haha.

So exploit needs to call libc function to do dirty work for it. Not so
big deal.

Okay, it might do a trick and deter script kiddies; still it is even
weaker than non-executable stack patches.

Pavel

-- 
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
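
Added example, not part of the original message or of the patch under discussion: a userspace model of the check being debated, which classifies a system call by whether the address of the calling instruction lies in a writable mapping. The maps lines, addresses and function name are constructed for illustration, and treating "writable segment" as a writable memory mapping is an assumption; it shows that an instruction on the stack is flagged while a system call issued from libc's read-only text is not, which is the limitation the reply points out.

```c
#include <stdio.h>

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char *const SAMPLE_MAPS[] = {
    "08048000-0804c000 r-xp 00000000 03:01 1234 /usr/sbin/exampled",
    "0804c000-0804d000 rw-p 00003000 03:01 1234 /usr/sbin/exampled",
    "40020000-40130000 r-xp 00000000 03:01 5678 /lib/libc.so.6",
    "bfffe000-c0000000 rwxp 00000000 00:00 0",
};
#define N_MAPS (sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0])

/*
 * Hypothetical helper modelling the policy: given the address of the
 * instruction that entered the kernel, return
 *    1  if it lies in a writable mapping (the call would be refused),
 *    0  if it lies in a non-writable mapping (the call is allowed),
 *   -1  if the address is unmapped or a maps line cannot be parsed.
 */
int syscall_origin_writable(const char *const *maps, size_t n,
                            unsigned long ip)
{
    for (size_t i = 0; i < n; i++) {
        unsigned long start, end;
        char perms[5];

        if (sscanf(maps[i], "%lx-%lx %4s", &start, &end, perms) != 3)
            return -1;
        if (ip >= start && ip < end)
            return perms[1] == 'w';   /* perms is "rwxp"-style */
    }
    return -1;
}

int main(void)
{
    /* Constructed addresses: one on the stack, one inside libc's text. */
    unsigned long on_stack = 0xbffff000UL, in_libc = 0x40025000UL;

    printf("syscall from stack: writable=%d\n",
           syscall_origin_writable(SAMPLE_MAPS, N_MAPS, on_stack));
    /* The check only sees where the trap instruction lives, not who
     * arranged for libc to be called, so this origin looks legitimate. */
    printf("syscall from libc:  writable=%d\n",
           syscall_origin_writable(SAMPLE_MAPS, N_MAPS, in_libc));
    return 0;
}
```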