On Thu, Nov 12, 2009 at 12:40:54PM +0000, Mindaugas Rasiukevicius wrote:
> Well, I do not really care about this type of philosophical security in the
> kernel, but by estimating the effect, I would say there is more cost than
> benefit - modern x86 machines have a PG_NX bit, which deals with this matter
> in a much better way.

It only prevents attacks where code gets written on the stack. It doesn't
stop attacks which overwrite the return address to point at a random bit of
the code segment.

> And if somebody can smash the kernel stack, then your system is doomed
> anyway..

Yes, but the question is whether the attack can panic the kernel (bad) or
gain root access to your system (very, very bad).

Kind regards

-- 
Matthias Scheler
http://zhadum.org.uk/