Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Subject: CVS commit: src/share/mk

On Thu, Nov 12, 2009 at 12:40:54PM +0000, Mindaugas Rasiukevicius wrote:
> Well, I do not really care about this type of philosophical security in the
> kernel, but by estimating the effect, I would say there is more cost than
> benefit - modern x86 machines have a PG_NX bit, which deals with this matter
> in a much better way.

It only prevents attacks where code gets written on the stack. It doesn't
stop attack which overwrite the return address to point and a random
bit of the code segment.

> And if somebody can smash the kernel stack, then your system is doomed
> anyway..

Yes, but the question is whether the attack can panic the kernel (bad)
or gain root access to your system (very, very bad).

        Kind regards

Matthias Scheler                        

Home | Main Index | Thread Index | Old Index