Vulnerability Development mailing list archives
non-executable stacks
From: "Ghaith Nasrawi" <libero () aucegypt edu>
Date: Sun, 14 Nov 2004 21:33:45 +0000
Hey folks,

I'm sorry if this question was asked before in this mailing list, but I couldn't find useful information about it anywhere else.

Currently, I'm working on Linux 2.6.9-1.667 under Fedora Core 3, and the way to trigger on/off the stack protection is by setting/unsetting "/proc/sys/kernel/exec-shield".

Q: Is it possible to change the value of that variable during the course of executing a process, and therefore you'd have the stack as an executable one? (Now, I'm assuming that process has unlimited privileges).

The problem is in order to change that value, we need to overwrite the EIP with our variable modifier! Then, we can lay back and have the stack wide open. It goes like a cycle of dependencies ...

Any ideas? workarounds?

g.

"Our care should not be to have lived long as to have lived enough.", Seneca
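Added example, not part of the original post: whether a particular process really has a non-executable stack can be checked per process from `/proc/<pid>/maps` rather than inferred from the system-wide `exec-shield` value. The sketch below flags an executable stack or any writable-and-executable mapping; the sample maps are constructed, the function names are hypothetical, and it assumes the kernel labels the main stack as `[stack]`, as current Linux kernels do.

```python
import re

# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

def parse_maps(text):
    """Yield (start, end, perms, path) for each well-formed maps line."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            yield int(m["start"], 16), int(m["end"], 16), m["perms"], m["path"]

def risky_mappings(text):
    """Return mappings that contradict a non-executable-stack policy:
    an executable [stack], or any region both writable and executable."""
    findings = []
    for start, end, perms, path in parse_maps(text):
        if "x" not in perms:
            continue
        if path == "[stack]":  # assumption: kernel labels the main stack
            findings.append(("exec-stack", start, end, perms, path))
        elif "w" in perms:
            findings.append(("w+x", start, end, perms, path or "[anon]"))
    return findings

def audit_pid(pid="self"):
    """Audit a live process; needs read access to /proc/<pid>/maps."""
    with open(f"/proc/{pid}/maps") as fh:
        return risky_mappings(fh.read())

# Constructed sample: stack and heap are writable but not executable.
SAMPLE_PROTECTED = """\
08048000-0804c000 r-xp 00000000 08:02 131085 /bin/cat
0804c000-0804d000 rw-p 00003000 08:02 131085 /bin/cat
0804d000-0806e000 rw-p 0804d000 00:00 0 [heap]
bffeb000-c0000000 rw-p bffeb000 00:00 0 [stack]
"""

# Constructed sample: an anonymous rwx region and an executable stack.
SAMPLE_EXEC_STACK = """\
08048000-0804c000 r-xp 00000000 08:02 131085 /bin/cat
b7f00000-b7f01000 rwxp 00000000 00:00 0
bffeb000-c0000000 rwxp bffeb000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for kind, start, end, perms, path in risky_mappings(SAMPLE_EXEC_STACK):
        print(f"{kind}: {start:08x}-{end:08x} {perms} {path}")
```
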