Re: executable stacks, a few suggestions

Ingo Molnar (mingo@pc5829.hil.siemens.at)
Mon, 14 Apr 1997 15:41:26 +0200 (MET DST)


> > i would suggest to turn executable stack off only for setuid exec()'s
>
> What about daemons? These are even more important, and, as I'm going to
> explain when posting the final patch, removed stack execution permission
> is possible to bypass in fewer cases when exploiting remotely than locally.

maybe we could temporarily add it as an ext2fs attribute? exec() honors
this attribute then, and installs the 'safe' code segment when building
the process.

if it's a custom patch, one can abuse all kinds of already existent ext2fs
attributes. [but maybe there is place for a new one?]

-- mingo