* Stack guards, PaX and such
@ 2004-12-30 9:12 David Jacoby
2004-12-30 10:02 ` Arjan van de Ven
0 siblings, 1 reply; 2+ messages in thread
From: David Jacoby @ 2004-12-30 9:12 UTC (permalink / raw)
To: linux-kernel
Hi everyone!

I hope you had a nice and relaxing X-mas and are ready for a nice New
Year's Eve.

I just have a little question. I really don't know if this has been
discussed before, but if it has, I'm really sorry.

Why ain't there any stack protectors such as PaX or something similar on
the Linux kernel? Couldn't it be an idea for the Linux Development Team to
create something that will protect against the most known attacks? I'm not
talking about preventing everything, because that's impossible and there
will always be some way to trick these protectors. But remove most of the
"attacks".

//David
--
Outpost24 AB
David Jacoby
Research & Development
Office: +46-455-612310
Mobile: +46-455-612311
(www.outpost24.com) (dj@outpost24.com)
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Stack guards, PaX and such
2004-12-30 9:12 Stack guards, PaX and such David Jacoby
@ 2004-12-30 10:02 ` Arjan van de Ven
0 siblings, 0 replies; 2+ messages in thread
From: Arjan van de Ven @ 2004-12-30 10:02 UTC (permalink / raw)
To: David Jacoby; +Cc: linux-kernel
On Thu, 2004-12-30 at 10:12 +0100, David Jacoby wrote:
> Hi everyone!
>
> I hope you had a nice and relaxing X-mas and are ready for a nice New
> Year's Eve.
> I just have a little question. I really don't know if this has been
> discussed before, but if it has, I'm really sorry.
Are you talking about making the userspace stack not executable or the
kernel stacks?

With NX, userspace stacks already are not executable (and if you have a
CPU without NX you can use the execshield patches or PaX).

As for kernel stacks, well, with NX those are not executable either, and
to be honest, I can't remember the last time there was a user
exploitable kernel stack buffer overflow. So if your assertion is that
those are a common type of security problem, I disagree with you.

(One of the underlying causes is that the kernel stack is only really
small so it's relatively uncommon and deprecated to put arrays on the
kernel stack.)
^ permalink raw reply [flat|nested] 2+ messages in thread
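An added example, not part of either message: one way to check the reply's statement that userspace stacks are not executable, by reading the permission field of the `[stack]` mapping. It assumes the Linux `/proc/<pid>/maps` text format, which the thread does not mention; `stack_exec_status` and the two sample buffers are hypothetical names, and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

enum { STACK_NOT_FOUND = -1, STACK_NX = 0, STACK_EXEC = 1 };

/* Constructed samples in /proc/<pid>/maps format (not from a real host). */
static const char SAMPLE_NX[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /bin/cat\n"
    "7ffc1a2e0000-7ffc1a301000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_EXEC[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /bin/cat\n"
    "7ffc1a2e0000-7ffc1a301000 rwxp 00000000 00:00 0 [stack]\n";

/* Scan maps-format text and report whether the [stack] mapping has the x bit. */
int stack_exec_status(const char *maps)
{
    const char *line = maps;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512], perms[5] = "", name[256] = "";
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* Fields: start-end perms offset dev inode [pathname] */
        if (sscanf(buf, "%*[0-9a-fA-F]-%*[0-9a-fA-F] %4s %*s %*s %*s %255s",
                   perms, name) >= 1 && strcmp(name, "[stack]") == 0)
            return perms[2] == 'x' ? STACK_EXEC : STACK_NX;
        line = eol ? eol + 1 : NULL;
    }
    return STACK_NOT_FOUND;
}

int main(void)
{
    static char live[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");   /* live check on Linux */
    size_t n = f ? fread(live, 1, sizeof live - 1, f) : 0;
    if (f) fclose(f);
    live[n] = '\0';
    /* Fall back to the constructed sample when /proc is unavailable. */
    int st = stack_exec_status(n ? live : SAMPLE_NX);
    printf("stack: %s\n", st == STACK_EXEC ? "EXECUTABLE"
                        : st == STACK_NX ? "non-executable" : "not found");
    return st == STACK_EXEC;
}
```

The exit status is non-zero only when the stack mapping is executable, so the program can serve as a simple check in a hardening test.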