Re: OS stopping stack buffer overflow exploits

From: Gabor Lenart (
Date: Mon Jun 05 2000 - 05:15:12 EST

On Sat, Jun 03, 2000 at 09:06:46PM -0500, Robert Redelmeier wrote:
> While thinking about stack buffer overflow exploits (like `bind`),
> it occurred to me that our beloved OS [Linux] might be able to
> provide some security for the many poorly-written suid-root apps.
> The key to these exploits is the ability to hijack the thread
> of execution by overwriting the return address on the stack.
> There are a couple of x86 mechanisms that could be used to
> stop the hijack:
> 1) The limit portion of the processes' CS segment descriptor
> could be adjusted downwards, so the stack addresses would not
> be executable and attempting would trigger a #GP exception.

This would cause some already-used techniques, like trampolines, to fail.
There's such a patch, it's named "Secure Linux" patch from Solar Designer
(I think the URL is It can autodetect trampoline
usage too to enable them. Of course the security is not maximum in this
case but most of the cook-book exploits should be stopped by this patch.
I've been using it for ages, and it's a great piece of patch.
It also contains some other security fixes. All of them can be tuned
by Linux kernel config mechanisms before compiling after you applied the

- Gabor
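
An added example, not part of the original message or of the patch it mentions: a small C check that reports whether the current process's stack mapping is executable, which is the property the approach discussed above takes away. It assumes a Linux kernel that exposes `/proc/self/maps` with a `[stack]` label; the function names and the sample lines in the test are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Classify one line of /proc/<pid>/maps (format assumed:
 * "start-end perms offset dev inode   pathname").
 * Returns 1 if it is the [stack] mapping and executable,
 *         0 if it is the [stack] mapping and not executable,
 *        -1 if it is not the stack mapping or cannot be parsed. */
int stack_line_is_exec(const char *line)
{
    unsigned long start, end;
    char perms[5];
    size_t len;

    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
        return -1;
    if (strlen(perms) != 4 || end <= start)
        return -1;
    /* The pathname is the last field; require it to be exactly "[stack]". */
    len = strcspn(line, "\n");
    if (len < 7 || strncmp(line + len - 7, "[stack]", 7) != 0)
        return -1;
    return perms[2] == 'x';
}

/* Scan a maps stream; return the status of the first [stack] line, or -1. */
int stack_exec_status(FILE *maps)
{
    char line[512];
    int r;

    while (fgets(line, sizeof line, maps))
        if ((r = stack_line_is_exec(line)) >= 0)
            return r;
    return -1;
}

int main(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    int r = f ? stack_exec_status(f) : -1;

    if (f)
        fclose(f);
    puts(r == 1 ? "stack: executable" :
         r == 0 ? "stack: not executable" : "stack: mapping not found");
    return r == 1; /* non-zero exit status flags an executable stack */
}
```

An "executable" result is not always a misconfiguration: programs that rely on stack trampolines, the case raised in the reply above, need it.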

