From: Pavel Machek <pavel@suse.cz>
To: Dan Aloni <karrde@callisto.yi.org>,
linux-kernel <linux-kernel@vger.kernel.org>
Cc: mark@itsolve.co.uk
Subject: Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits
Date: Wed, 3 Jan 2001 23:30:52 +0100 [thread overview]
Message-ID: <20010103233052.B9834@bug.ucw.cz> (raw)
In-Reply-To: <Pine.LNX.4.21.0101032259550.20246-100000@callisto.yi.org>
In-Reply-To: <Pine.LNX.4.21.0101032259550.20246-100000@callisto.yi.org>; from Dan Aloni on Wed, Jan 03, 2001 at 11:13:31PM +0200
Hi!
> It is known that most remote exploits use the fact that stacks are
> executable (in i386, at least).
>
> On Linux, they use INT 80 system calls to execute functions in the kernel
> as root, when the stack is smashed as a result of a buffer overflow bug in
> various server software.
>
> This preliminary, small patch prevents execution of system calls which
> were executed from a writable segment. It was tested and seems to work,
> without breaking anything. It also reports of such calls by using
> printk.
Haha.
So exploit needs to call libc function to do dirty work for it. Not so
big deal.
Okay, it might do a trick and deter script kiddies; still it is even
weaker then non-executable stack patches.
Pavel
--
I'm pavel@ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss@linmodems.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-04 11:00 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-03 21:13 [RFC] prevention of syscalls from writable segments, breaking bug exploits Dan Aloni
2001-01-03 21:36 ` Dan Aloni
2001-01-03 21:48 ` [RFC] prevention of syscalls from writable segments, breaking bugexploits Brian Gerst
2001-01-03 21:54 ` [RFC] prevention of syscalls from writable segments, breaking bug exploits Alexander Viro
2001-01-03 22:03 ` Dan Aloni
2001-01-03 22:13 ` Alexander Viro
2001-01-03 22:05 ` Steven Walter
2001-01-03 22:07 ` Dan Hollis
2001-01-03 22:10 ` Doug McNaught
2001-01-03 22:31 ` Alexander Viro
2001-01-03 22:39 ` Mark Zealey
2001-01-03 22:49 ` Alexander Viro
2001-01-03 22:55 ` Mark Zealey
2001-01-03 22:48 ` Dan Aloni
2001-01-03 23:02 ` Alexander Viro
2001-01-03 23:32 ` Dan Hollis
2001-01-03 23:48 ` Nicolas Noble
2001-01-03 23:54 ` Gerhard Mack
2001-01-03 23:57 ` Dan Hollis
2001-01-04 0:34 ` Gerhard Mack
2001-01-04 1:01 ` Dan Hollis
2001-01-04 7:09 ` Gerhard Mack
2001-01-03 23:34 ` Gerhard Mack
2001-01-04 1:51 ` Andi Kleen
2001-01-03 21:57 ` Erik Mouw
2001-01-03 22:12 ` Nicolas Noble
2001-01-03 22:30 ` Pavel Machek [this message]
2001-01-03 23:02 ` [RFC] prevention of syscalls from writable segments, breaking bug Alan Cox
2001-01-05 15:26 ` 2.2.19pre6 maestro3 driver requires ac97_codec (but doesn't claim so) Richard A Nelson
2001-01-03 23:20 ` [RFC] prevention of syscalls from writable segments, breaking bug exploits Jeff Dike
2001-01-04 3:20 ` David Huggins-Daines
2001-01-04 3:32 ` Andi Kleen
2001-01-04 3:41 ` David Huggins-Daines
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010103233052.B9834@bug.ucw.cz \
--to=pavel@suse.cz \
--cc=karrde@callisto.yi.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@itsolve.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox