Vulnerability Development mailing list archives
Re: Future of buffer overflows ?
From: Crispin Cowan <crispin () WIREX COM>
Date: Thu, 2 Nov 2000 19:06:01 -0800
Thomas Dullien wrote:
> On Wed, 1 Nov 2000 15:21:10 -0300, Gerardo Richarte wrote:
>
> Hey Gerardo,
>
> > This is not a new concept. It's been out there for a while now...
>
> Ermm.. no ;> Non-exec heap & stack pages are new to the x86 platform at least. They exist on a few other CPUs, but on x86 they are a 'hack' ;>
That is only partially correct. Solar Designer's patch to Linux does in fact implement a non-executable stack segment for x86 processors (http://openwall.com/linux/). He gets around the problem that the x86 does not have separate read and execute permission bits on pages by exploiting the fact that the x86 DOES support separate "data" and "execute" segments. With that in mind, he maps the data and execution segments separately, exploiting the fact that the stack and the data portions of memory are at opposite ends of the address space. I believe Solar actually looked at making the data area non-executable, but ended up dropping the idea because he encountered too many compatibility problems.
> Well, that is one of the major problems :) While the methods you describe are all nice & dandy in a lab environment, they don't really work 'in-the-wild'.
That remark needs a :-)

Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
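Added example, not part of the original message or of the Openwall patch: a check of the property discussed above (is a process's stack or heap mapped executable?) as a current Linux kernel reports it in /proc/<pid>/maps. It assumes execute permission is enforced per page by the hardware, which is a different mechanism from the segment-based approach the message describes; the function names and the sample lines are constructed for illustration.

```c
/* Added example: report executable stack/heap mappings from /proc/<pid>/maps. */
#include <stdio.h>
#include <string.h>

/* Classify one maps line against a region name such as "[stack]".
 * Returns 1 if that region is mapped executable, 0 if it is not,
 * and -1 if the line describes some other mapping or is malformed. */
int region_exec(const char *line, const char *tag)
{
    char perms[5] = "", name[64] = "";
    /* Fields: start-end perms offset dev inode [pathname] */
    int n = sscanf(line, "%*lx-%*lx %4s %*s %*s %*s %63s", perms, name);
    if (n < 2 || strcmp(name, tag) != 0)
        return -1;
    return perms[2] == 'x';
}

/* Count executable [stack] and [heap] mappings in an open maps stream. */
int audit_maps(FILE *fp)
{
    char line[512];
    int bad = 0;
    while (fgets(line, sizeof line, fp)) {
        if (region_exec(line, "[stack]") == 1 || region_exec(line, "[heap]") == 1) {
            printf("executable data region: %s", line);
            bad++;
        }
    }
    return bad;
}

/* Constructed sample lines (not captured from a real system). */
const char *SAMPLE_NX  = "7ffc1c0e4000-7ffc1c105000 rw-p 00000000 00:00 0     [stack]\n";
const char *SAMPLE_EXE = "bffdf000-c0000000 rwxp 00000000 00:00 0            [stack]\n";
const char *SAMPLE_LIB = "08048000-08049000 r-xp 00000000 08:01 1234         /bin/cat\n";

int main(void)
{
    printf("sample nx=%d exe=%d other=%d\n", region_exec(SAMPLE_NX, "[stack]"),
           region_exec(SAMPLE_EXE, "[stack]"), region_exec(SAMPLE_LIB, "[stack]"));
    FILE *fp = fopen("/proc/self/maps", "r");   /* Linux only */
    if (!fp) { perror("/proc/self/maps"); return 2; }
    int bad = audit_maps(fp);
    fclose(fp);
    return bad ? 1 : 0;
}
```

The exit status is 0 when neither region is executable, 1 when at least one is, and 2 when /proc/self/maps cannot be opened.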