Bugtraq mailing list archives
Re: 2nd Linux kernel patch to remove stack exec
From: reece () TAZ NCEYE NET (Bryan Reece)
Date: Sun, 13 Apr 1997 18:04:30 -0000
Wouldn't it be a better idea to patch crt0 and the function entry and
exit code to generate a magic cookie a word or so long at startup,
write this cookie just below the return address on entry, and test it
before returning, dying horribly if it's not correct anymore?  This
would seem to prevent all exploits involving strcpy and similar, even
those not involving branches to the stack, provided the cookie is
unguessable.  Something like /dev/urandom would be best, but a hash of
pid, gettimeofday, argv, and a compiler-generated seed would be better
than nothing.
--
             I wouldn't touch ActiveX with a 10-foot polecat.
           I might, however, let one loose on the developers.
                               --cddukes at eos dot ncsu.edu
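The scheme proposed in the message above, as an added example in C (not code from the post or from any compiler or libc). The frame is simulated as a struct so the overrun stays inside defined memory; the layout and the names `cookie_init` and `guarded_copy` are hypothetical, and the exit check returns 0 where real function-exit code would abort.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

/* Simulated stack frame (assumed layout): locals, then the cookie,
   then the saved return address, in increasing address order. */
struct frame {
    char      buf[16];
    uintptr_t cookie;
    uintptr_t ret;
};

static uintptr_t g_cookie;
static int g_ready;

/* The crt0 step: pick an unguessable cookie once per process. */
void cookie_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&g_cookie, sizeof g_cookie, 1, f) != 1) {
        /* Weaker fallback the post mentions: mix pid and time of day. */
        struct timeval tv;
        gettimeofday(&tv, NULL);
        g_cookie = ((uintptr_t)getpid() << 16) ^ (uintptr_t)tv.tv_sec
                 ^ ((uintptr_t)tv.tv_usec * 2654435761u);
    }
    if (f != NULL) fclose(f);
    g_ready = 1;
}

/* Copies n bytes over the frame starting at buf with no bounds check on
   buf (the strcpy-style bug). Returns 1 if the cookie is intact, else 0. */
int guarded_copy(const void *src, size_t n) {
    struct frame fr;
    if (!g_ready) cookie_init();
    fr.cookie = g_cookie;                /* function entry: place cookie */
    fr.ret = 0;                          /* stand-in for return address  */
    if (n > sizeof fr) n = sizeof fr;    /* keep the demo inside fr      */
    memcpy(&fr, src, n);                 /* may run past buf into cookie */
    return fr.cookie == g_cookie;        /* function exit: test cookie   */
}

int main(void) {
    char big[sizeof(struct frame)];
    memset(big, 'A', sizeof big);        /* constructed oversized input  */
    printf("fits in buf: %s\n", guarded_copy("hello", 6) ? "ok" : "smashed");
    printf("overflows:   %s\n", guarded_copy(big, sizeof big) ? "ok" : "smashed");
}
```

Because the check compares the cookie rather than inspecting where the return address points, the overrun is caught whatever value lands in `ret`, which is the property the message claims for exploits that do not branch to the stack.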