> I like the idea of turning off execute permission on the stack pages.
It has been shown before that this has these disadvantages:
1. More work settting up those access bits (bloat & perf. degradation)
2. Some programs actually need an exec stack (loss of features)
3. It don't buy you _any_ security at all! (didn't help anyway)
About (3): Of course it stops some of the current exploits, but there is
a trivial way to "enhance" stack-smashing exploits to work around the
non-exec stack:
You can still overwrite the function's return address, on that non-exec
stack. The cracker can no longer upload code and make the function
return to that, but crackers don't need to! All they need is to return
to a place containing exec("/bin/sh") *and such places exist*,
paritcularly in every program using libc. So writing the the exploit
becomes a little harder, using it is as trivial as ever.
Spend the time fixing broken apps, or get them right from the start. It
is not as if writing safe C is _hard_.
Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/