Subject: Code on stack (Re: exploit with memcpy())
To: Jason R Thorpe , David Laight <email@example.com>
From: TAMURA Kent <firstname.lastname@example.org>
Date: 07/04/2002 13:50:12
In message "Re: exploit with memcpy()"
on 02/07/02, Jason R Thorpe <email@example.com> writes:
> > OTOH maybe stopping the stack being executable would be a better
> > ploy for catching the effects of undersize onstack data buffers.
> > (at least then you can only jump to code that exists in the
> > program being executed.)
> That is precisely one of the reasons I'm working on my signals changes.
It is interesting.
I have heard gcc generates trampoline code on stack in some cases.
I guess many exploit code calls syscalls directly, that is "int
$0x80" in i386. To prohibit calling syscalls from stack code
would be sufficient.
TAMURA Kent <kent2002@hauN.org> <firstname.lastname@example.org>