Re: Subject: CVS commit: src/share/mk
On Thu, Nov 12, 2009 at 12:40:54PM +0000, Mindaugas Rasiukevicius wrote:
> Well, I do not really care about this type of philosophical security in the
> kernel, but by estimating the effect, I would say there is more cost than
> benefit - modern x86 machines have a PG_NX bit, which deals with this matter
> in a much better way.
It only prevents attacks where code gets written on the stack. It doesn't
stop attacks which overwrite the return address to point at a random
bit of the code segment.
> And if somebody can smash the kernel stack, then your system is doomed
Yes, but the question is whether the attack can panic the kernel (bad)
or gain root access to your system (very, very bad).
Matthias Scheler http://zhadum.org.uk/