From: "H. Peter Anvin" <hpa@zytor.com>
To: Chuck Ebbert <76306.1226@compuserve.com>
Cc: linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: [Announcement] "Exec Shield", new Linux security feature
Date: Sun, 04 May 2003 20:14:32 -0700 [thread overview]
Message-ID: <3EB5D718.4050101@zytor.com> (raw)
In-Reply-To: <200305041956_MC3-1-375E-31DB@compuserve.com>
Chuck Ebbert wrote:
>>There is another issue: x86 uses relative jumps, so although "ASCII
>>armor" addresses aren't easily accessible using return address smashes
>>(although the \0 at the end thing is a real issue), you may be able to
>>get to them through a jump instruction.
>
> Does the instruction-pointer-relative data addressing mode added by
> AMD64 make these exploits easier? Maybe someone should be working on a
> version of this patch for that platform...
>
No, they don't, not if your mode of exploit is hacking return addresses
on the stack.
AMD64 makes this pretty easy, *ALL* user-space addresses are in the
"ASCII armour" area, and it supports exec-off. Apparently this is
currently off by default, but Andi Kleen says that they have identified
the bug that caused it and they're making it available as a kernel option.
-hpa
next prev parent reply other threads:[~2003-05-05 3:02 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-04 23:55 [Announcement] "Exec Shield", new Linux security feature Chuck Ebbert
2003-05-05 3:14 ` H. Peter Anvin [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-05-05 7:14 Ingo Molnar
2003-05-04 16:20 Yoav Weiss
[not found] <Pine.LNX.4.44.0305040404300.12757-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
[not found] ` <Pine.LNX.4.44.0305040448250.24497-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
2003-05-04 15:48 ` Andi Kleen
2003-05-04 14:25 Chuck Ebbert
2003-05-04 22:22 ` Richard Henderson
2003-05-05 0:41 ` H. Peter Anvin
2003-05-04 11:19 Yoav Weiss
2003-05-04 13:51 ` Ingo Molnar
2003-05-03 13:19 linux
2003-05-03 23:00 ` Valdis.Kletnieks
2003-05-04 7:03 ` Calin A. Culianu
2003-05-04 8:49 ` Arjan van de Ven
2003-05-05 13:35 ` Jesse Pollard
2003-05-04 15:24 ` linux
2003-05-02 22:46 Chuck Ebbert
[not found] <Pine.LNX.4.44.0305021325130.6565-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
[not found] ` <200305021829.h42ITclA000178@81-2-122-30.bradfords.org.uk.suse.lists.linux.kernel>
[not found] ` <b8udjm$cgq$1@cesium.transmeta.com.suse.lists.linux.kernel>
2003-05-02 20:51 ` Andi Kleen
2003-05-02 20:56 ` H. Peter Anvin
2003-05-02 21:07 ` Andi Kleen
2003-05-02 21:09 ` H. Peter Anvin
2003-05-02 21:25 ` Andi Kleen
2003-05-02 16:37 Ingo Molnar
2003-05-02 17:05 ` Matthias Andree
2003-05-02 17:12 ` Marc-Christian Petersen
2003-05-02 17:12 ` Davide Libenzi
2003-05-02 17:18 ` Arjan van de Ven
2003-05-02 17:32 ` Ingo Molnar
2003-05-02 18:29 ` John Bradford
2003-05-02 18:32 ` H. Peter Anvin
2003-05-02 19:09 ` David Mosberger
2003-05-02 18:51 ` Davide Libenzi
[not found] ` <20030502172011$0947@gated-at.bofh.it>
2003-05-02 18:17 ` Florian Weimer
2003-05-02 18:29 ` Davide Libenzi
2003-05-02 18:32 ` Florian Weimer
2003-05-02 18:50 ` Davide Libenzi
2003-05-02 21:48 ` Carl-Daniel Hailfinger
2003-05-03 6:52 ` Ingo Molnar
2003-05-03 9:56 ` Carl-Daniel Hailfinger
2003-05-03 12:48 ` Arjan van de Ven
2003-05-04 6:52 ` Calin A. Culianu
2003-05-04 8:10 ` Ingo Molnar
2003-05-04 8:52 ` Ingo Molnar
2003-05-04 15:40 ` Calin A. Culianu
2003-05-04 15:48 ` Sean Neakums
2003-05-04 15:23 ` Calin A. Culianu
2003-05-04 20:07 ` H. Peter Anvin
2003-05-04 20:57 ` Kasper Dupont
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3EB5D718.4050101@zytor.com \
--to=hpa@zytor.com \
--cc=76306.1226@compuserve.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.