Re: Patch 4/6 randomize the stack pointer

From: Arjan van de Ven
Date: Thu Jan 27 2005 - 15:11:57 EST


On Thu, 2005-01-27 at 14:19 -0500, linux-os wrote:
> Gentlemen,
>
> Isn't the return address on the stack an offset in the
> code (.text) segment?
>
> How would a random stack-pointer value help? I think you would
> need to start a program at a random offset, not the stack!
> No stack-smasher that worked would care about the value of
> the stack-pointer.

the simple stack exploit works by overflowing a buffer ON THE STACK with
a "dirty" payload and then also overwriting the return address to point
back into that buffer.

(all the security guys on this list will now cringe about this over
simplification; yes reality is more complex but let's keep the
explanation simple for Richard)

pointing back into that buffer needs the address of that buffer. That
buffer is on the stack, which is now randomized.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
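The mechanism Arjan sketches above, written out as an added example (not code from the thread or from the kernel patch being discussed): a modelled stack frame of [buffer][saved frame pointer][saved return address] is overflowed by an unchecked copy whose tail overwrites the return address with the attacker's guess of the buffer's address. The hijacked return only lands in the NOP sled if that guess is within the sled's length of where the buffer really is, so randomizing where the stack sits turns a reliable exploit into a lottery. Frame layout, buffer and sled sizes, the fixed address 0x7fffffffe000, the 16-byte-granularity randomization, and the xorshift generator are all assumptions made for the illustration; nothing here touches real process memory. `local_buffer_address()` is the one piece that does: run the binary a few times on a host with stack randomization enabled and the printed address changes, which is exactly what the attacker's hardcoded guess cannot follow.

```c
/* Added example: model of the classic stack smash and why a randomized
 * stack defeats it. Sizes, layout and addresses are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    128                  /* vulnerable buffer (assumed) */
#define SLED_LEN    96                   /* NOP sled at the start of the payload */
#define RET_OFF     (BUF_SIZE + 8)       /* buf, then saved frame pointer, then return address (assumed layout) */
#define FRAME_SIZE  (RET_OFF + 8)
#define PAYLOAD_LEN FRAME_SIZE
#define FIXED_BUF_ADDR 0x7fffffffe000ULL /* where buf sits on an unrandomized stack (assumed) */

/* Modelled frame: flat bytes plus the address the process would see for buf. */
typedef struct {
    uint8_t  mem[FRAME_SIZE];
    uint64_t base;
} frame_t;

/* Attacker side: sled, stand-in shellcode, then the forged return address
 * (little-endian host assumed). */
static void build_payload(uint8_t *out, uint64_t guessed_buf_addr) {
    memset(out, 0x90, SLED_LEN);                       /* NOP sled */
    memset(out + SLED_LEN, 0xCC, RET_OFF - SLED_LEN);  /* int3 as a placeholder for shellcode */
    memcpy(out + RET_OFF, &guessed_buf_addr, 8);       /* lands on the saved return address */
}

/* Victim side: copies with no bounds check, so len > BUF_SIZE runs into
 * the saved frame pointer and return address. */
static void vulnerable_copy(frame_t *f, const uint8_t *payload, size_t len) {
    memcpy(f->mem, payload, len);
}

/* True if, after the overflow, the hijacked return address points into the sled. */
static bool exploit_lands(uint64_t actual_buf_addr, uint64_t guessed_buf_addr) {
    frame_t f;
    uint8_t payload[PAYLOAD_LEN];
    uint64_t ret;
    memset(&f, 0, sizeof f);
    f.base = actual_buf_addr;
    build_payload(payload, guessed_buf_addr);
    vulnerable_copy(&f, payload, sizeof payload);
    memcpy(&ret, f.mem + RET_OFF, 8);
    return ret >= f.base && ret < f.base + SLED_LEN;
}

/* Stack randomization as modelled here: shift the stack down by a random
 * number of 16-byte units, rnd_bits wide (assumed granularity, rnd_bits < 64). */
static uint64_t randomized_buf_addr(uint64_t fixed, unsigned rnd_bits, uint64_t rnd) {
    uint64_t mask = rnd_bits ? ((1ULL << rnd_bits) - 1) : 0;
    return fixed - ((rnd & mask) << 4);
}

/* Deterministic PRNG so the simulation is reproducible (not a kernel algorithm). */
static uint64_t xorshift64(uint64_t *s) {
    uint64_t x = *s;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *s = x;
}

/* Attacker keeps using the unrandomized address; count how often that still works. */
static unsigned simulate_hits(unsigned trials, unsigned rnd_bits, uint64_t seed) {
    uint64_t state = seed ? seed : 1;
    unsigned hits = 0;
    for (unsigned i = 0; i < trials; i++) {
        uint64_t actual = randomized_buf_addr(FIXED_BUF_ADDR, rnd_bits, xorshift64(&state));
        if (exploit_lands(actual, FIXED_BUF_ADDR)) hits++;
    }
    return hits;
}

/* The real thing: address of a stack buffer in this process, as an integer. */
static uintptr_t local_buffer_address(void) {
    volatile uint8_t buf[BUF_SIZE];
    buf[0] = 0;
    return (uintptr_t)&buf[0];
}

int main(void) {
    printf("this run's stack buffer is at 0x%lx\n", (unsigned long)local_buffer_address());
    printf("fixed stack:      %u/1000 exploits land\n", simulate_hits(1000, 0, 42));
    printf("20 random bits:   %u/1000 exploits land\n", simulate_hits(1000, 20, 42));
    return 0;
}
```

The numbers are the point: with no randomization every attempt lands, because the attacker's hardcoded address is correct every time; with even 20 bits of randomness the same payload almost never lands, and the sled only buys the attacker a window of SLED_LEN bytes out of the whole randomized range. Real exploits also contend with non-executable stacks and stack canaries, which this model deliberately leaves out.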