On Thu, 2005-01-27 at 14:19 -0500, linux-os wrote:
> Gentlemen,
>
> Isn't the return address on the stack an offset in the
> code (.text) segment?
>
> How would a random stack-pointer value help? I think you would
> need to start a program at a random offset, not the stack!
> No stack-smasher that worked would care about the value of
> the stack-pointer.
The simple stack exploit works by overflowing a buffer ON THE STACK with a "dirty" payload and then also overwriting the return address to point back into that buffer. (All the security guys on this list will now cringe about this oversimplification; yes, reality is more complex, but let's keep the explanation simple for Richard.)

Pointing back into that buffer needs the address of that buffer. That buffer is on the stack, which is now randomized.
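To make the point above concrete, here is a small C program added as an illustration (it is not code from the thread or from the kernel). It takes the address of a local buffer, which is the value the "point back into the buffer" step depends on, and exposes a helper that reports whether two such addresses fall in different pages. Function names and the 4 KiB page mask are assumptions chosen for the example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Return the address of a local (stack) buffer as an integer.
   With stack randomization enabled this value changes from one
   process to the next, so an attacker cannot hard-code it. */
uintptr_t stack_buffer_address(void)
{
    volatile char buf[64];                 /* lives on the stack */
    memset((char *)buf, 0, sizeof buf);    /* touch it so it is not optimized away */
    uintptr_t addr = (uintptr_t)buf;       /* record the address while buf is live */
    return addr;
}

/* Compare two addresses (for example from two separate runs) and report
   whether they land on different 4 KiB pages. Assumes a 4 KiB page size,
   which is the common x86/x86-64 default. */
int stack_bases_differ(uintptr_t a, uintptr_t b)
{
    const uintptr_t page_mask = ~(uintptr_t)0xfff;
    return (a & page_mask) != (b & page_mask);
}

int main(void)
{
    /* Run this binary several times and compare the printed values. */
    printf("stack buffer at %#lx\n", (unsigned long)stack_buffer_address());
    return 0;
}
```

Run the compiled binary a few times in a row: with `randomize_va_space` set to its default, the printed address moves between runs; under `setarch -R` (which disables address-space randomization for that process) it repeats. That difference is exactly what takes the guessable buffer address away from the simple attack described in the message.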