Re: 2nd Linux kernel patch to remove stack exec
Mon, 14 Apr 1997 13:26:28 -0300 (GMT)

> Everyone get the non-executable stack idea out of your heads, it's
> illogical, and it's wrong, and most importantly it breaks too many
> things.

I wonder if anyone actually read that stuff about my GPF handler in the
second patch I posted... Once again: _no_ programs should be broken by
using such a patch. It is only that those executing code on the stack will
have stack execution permission automatically enabled, and will not be
protected from buffer overflow exploits, which is not critical for user
level programs written in Objective C. I think most daemons and setuid
programs will remain in pure C. Refer to my original message with the
second patch for an explanation why this GPF handler stuff can't be used
in exploits dealing with the return address.

In reality, there're some problems with my patch:
-- stack execution permission is not enabled when returning to the stack
from a syscall (this shows up when you type 'print f()' in gdb, where f()
is a function in the program being traced);
-- the check in the GPF handler is not strict enough, making it still
possible to fool around with it in exploits, if the program being exploited
contains some suitable code in it (actually, the problem is that the size
of such code is too small, and it's likely to be there occasionally) --
I wonder why no one noticed that (I finally did myself).

Both are my particular implementation's problems, and I fixed them already
in the patch I'm running right now while typing this message. I'll be posting
it soon, but not right now just in case more problems are reported, to avoid
flooding with multiple versions. Will write more comments on the second
problem I mentioned, with the patch.

Solar Designer
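The question the message raises, which executables will run with an executable stack and so lose the protection, is answered on a modern Linux per binary by the PT_GNU_STACK program header rather than by a fault handler. The checker below is an added example, not code from the original message or from the patch; it parses that header out of an ELF image, and the minimal ELF64 builder is a constructed test input, not a real binary.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header type declaring the stack's permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def stack_exec_requested(elf: bytes):
    """True if PT_GNU_STACK asks for an executable stack, False if it asks for a
    non-executable one, None if the header is absent (the kernel then applies
    its own default, which for old toolchains without the header may be executable)."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    end = "<" if ei_data == 1 else ">"          # 1 = little-endian, 2 = big-endian
    if ei_class == 2:                            # ELF64: offsets per the ELF spec
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        ph_fmt, flags_idx = end + "IIQQQQQQ", 1  # p_type, p_flags, p_offset, ...
    elif ei_class == 1:                          # ELF32
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        ph_fmt, flags_idx = end + "IIIIIIII", 6  # p_type, p_offset, ..., p_flags, p_align
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        fields = struct.unpack_from(ph_fmt, elf, e_phoff + i * e_phentsize)
        if fields[0] == PT_GNU_STACK:
            return bool(fields[flags_idx] & PF_X)
    return None

def build_elf64(stack_flags: int, with_gnu_stack: bool = True) -> bytes:
    """Constructed minimal little-endian ELF64 image: header plus one PT_GNU_STACK entry."""
    phnum = 1 if with_gnu_stack else 0
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 64, 0, 0)
    ph = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return hdr + (ph if with_gnu_stack else b"")

def check_file(path: str):
    """Audit helper: report the stack request of a binary on disk."""
    with open(path, "rb") as f:
        return stack_exec_requested(f.read())

if __name__ == "__main__":
    for p in sys.argv[1:]:
        r = check_file(p)
        print(p, {True: "EXECSTACK", False: "noexecstack", None: "no PT_GNU_STACK"}[r])
```

Running it over the setuid binaries and daemons on a host lists exactly the programs that would keep an executable stack, the class the message says should stay in pure C.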