Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Linux kernel patch to remove stack exec permission
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Sat, 12 Apr 1997 23:06:53 +0200

There seemed to be no patch for Linux kernel to remove execute permission
from the stack (to prevent most buffer overflow exploits), so I decided to
make one, I include it at the end of this message. I heard some rumours that
GCC assumes stack frame to be executable when dealing with nested functions,
but I couldn't reproduce that. I'm running this patched kernel for a day now,
and everything (well, except for the exploits) seems to work fine. However,
some programs may depend on the stack being executable... I'd like to hear
any reports of this.

Gcc assumes the stack is executable when it passes nested functions
as parameters (nested functions require a pointer to the scope, so
a small function is pushed on teh stack that adds an extra argument.

Not standard C, anyway.

created a new descriptor instead, leaving the old one with its original
limit, since that still allows to execute some code on the stack when needed,
by using old code segment selector. For example, the kernel itself needs that
ability to return from signal handlers.

Can you use mprotect to deprotect the stack?

I'm told the x86 systems don't have page granularity when it comes to
execute permissions, only per descriptor (of which you have four?)?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]