Bugtraq mailing list archives

Re: 2nd Linux kernel patch to remove stack exec
From: reece () TAZ NCEYE NET (Bryan Reece)
Date: Sun, 13 Apr 1997 18:04:30 -0000

Wouldn't it be a better idea to patch crt0 and the function entry and
exit code to generate a magic cookie a word or so long at startup,
write this cookie just below the return address on entry, and test it
before returning, dying horribly if it's not correct anymore?  This
would seem to prevent all exploits involving strcpy and similar, even
those not involving branches to the stack, provided the cookie is
unguessable.  Something like /dev/urandom would be best, but a hash of
pid, gettimeofday, argv, and a compiler-generated seed would be better
than nothing.

             I wouldn't touch ActiveX with a 10-foot polecat.
           I might, however, let one loose on the developers.
                               --cddukes at eos dot ncsu.edu
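
The check proposed in the message above, sketched as an added example (it is not part of the original post and is not code from any compiler or C library). The stack frame is simulated with a struct so the overflow stays inside defined memory; `struct frame`, `simulated_call`, `LEGIT_RET` and the fallback hash (pid and gettimeofday only) are assumptions made for the illustration.

```c
/* Added illustration: a simulated stack frame, not compiler-generated code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

static uintptr_t cookie;                /* process-wide magic cookie */

/* Startup (crt0) step: /dev/urandom if readable, else a weak fallback hash. */
static void cookie_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(&cookie, sizeof cookie, 1, f) : 0;
    if (f) fclose(f);
    if (got == 1) return;
    struct timeval tv;
    gettimeofday(&tv, NULL);
    cookie = ((uintptr_t)getpid() * 2654435761u) ^ (uintptr_t)tv.tv_sec
             ^ ((uintptr_t)tv.tv_usec << 12);
}

/* Simulated frame, low to high address: local buffer, cookie, return address. */
struct frame { char buf[16]; uintptr_t guard; uintptr_t ret; };
#define LEGIT_RET ((uintptr_t)0x1000)   /* constructed sample return address */

/* Runs one simulated call. Returns 1 if the exit check passes, 0 if the
   function would die instead of returning. *ret_out is the return slot. */
static int simulated_call(const void *in, size_t n, uintptr_t *ret_out) {
    struct frame fr;
    memset(&fr, 0, sizeof fr);
    fr.guard = cookie;                  /* entry code writes the cookie */
    fr.ret = LEGIT_RET;
    if (n > sizeof fr) n = sizeof fr;   /* keep the simulation inside the struct */
    memcpy(&fr, in, n);                 /* stands in for an unchecked strcpy */
    *ret_out = fr.ret;
    return fr.guard == cookie;          /* exit code tests the cookie */
}

int main(void) {
    unsigned char in[sizeof(struct frame)]; uintptr_t ret; int ok;
    cookie_init();
    memset(in, 'A', sizeof in);         /* constructed input */
    ok = simulated_call(in, 8, &ret);         printf("fits in buf:  check=%d\n", ok);
    ok = simulated_call(in, sizeof in, &ret); printf("overflow:     check=%d\n", ok);
    memcpy(in + offsetof(struct frame, guard), &cookie, sizeof cookie);
    ok = simulated_call(in, sizeof in, &ret); printf("cookie known: check=%d\n", ok);
    return 0;
}
```

The third case is the message's "provided the cookie is unguessable" condition: a write that reproduces the cookie value passes the exit check even though the return slot has changed.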
