Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-04 Thread Pavel Machek
Hi!

> It is known that most remote exploits use the fact that stacks are
> executable (in i386, at least).
>
> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> Th

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread David Huggins-Daines
Andi Kleen <[EMAIL PROTECTED]> writes:

> On Wed, Jan 03, 2001 at 10:20:37PM -0500, David Huggins-Daines wrote:
> > Dan Aloni <[EMAIL PROTECTED]> writes:
> >
> > > This preliminary, small patch prevents execution of system calls which
> > > were executed from a writable segment.
> >
> > How does

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread Andi Kleen
On Wed, Jan 03, 2001 at 10:20:37PM -0500, David Huggins-Daines wrote:
> Dan Aloni <[EMAIL PROTECTED]> writes:
>
> > This preliminary, small patch prevents execution of system calls which
> > were executed from a writable segment.
>
> How does signal return work, then?

Newer glibc sets a sa_rest

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread David Huggins-Daines
Dan Aloni <[EMAIL PROTECTED]> writes:

> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment.

How does signal return work, then?

--
David Huggins-Daines - [EMAIL PROTECTED]

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread Andi Kleen
On Wed, Jan 03, 2001 at 04:54:38PM -0500, Alexander Viro wrote:
> Win: 0
> Loss: cost of find_vma() (and down(&mm->mmap_sem), BTW) on every system

It could actually be optimized a lot, e.g. by just read/writing to a byte in the caller's current code page and handling the exception. But I agr

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread Doug McNaught
Dan Hollis <[EMAIL PROTECTED]> writes:

> On Wed, 3 Jan 2001, Alexander Viro wrote:
> > On Wed, 3 Jan 2001, Dan Aloni wrote:
> > > without breaking anything. It also reports of such calls by using printk.
> > Get real.
>
> Why do you always have to be insulting alex? Sheesh.

I was thinking it's

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread Jeff Dike
[EMAIL PROTECTED] said:
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to
> work, without breaking anything. It also reports of such calls by
> using printk.

Have you tried running UML on this kernel?

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread Steven Walter
On Wed, Jan 03, 2001 at 04:54:38PM -0500, Alexander Viro wrote:
> On Wed, 3 Jan 2001, Dan Aloni wrote:
>
> > It is known that most remote exploits use the fact that stacks are
> > executable (in i386, at least).
> >
> > On Linux, they use INT 80 system calls to execute functions in the kernel
>

Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

2001-01-03 Thread Erik Mouw
On Wed, Jan 03, 2001 at 11:13:31PM +0200, Dan Aloni wrote:
> It is known that most remote exploits use the fact that stacks are
> executable (in i386, at least).
>
> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buf