Re: Debian Stable server hacked
On Thu, Aug 14, 2003 at 12:00:40PM -0400, Matt Zimmerman wrote:
> On Wed, Aug 13, 2003 at 09:00:51PM -0400, valerian wrote:
> > It actually does a very good job of stopping any kind of "stack-smashing"
> > attack dead in its tracks (both the stack and heap are marked as
> > non-executable). That takes care of most vulnerabilities, both known and
> > unknown.
> No, it really doesn't. It might stop some common implementations of
> exploits, but that's about it. There are many papers available which
> describe the shortcomings of this kind of prevention.

Could you provide some pointers on the topic?

> You don't need an executable stack to get control of execution, you only
> need to be able to change the instruction pointer, which is stored on the
> stack (as data).

PaX is not just about non-executable address regions, but address
space randomization. In my understanding, the attacker just
doesn't know what he should modify the IP to. Given this, are
you certain that only a narrow range of exploits ("common
implementations") can be killed via PaX?

1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989
finger://email@example.com | Some days, my soul's confined
http://www.keyserver.net | And out of mind
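
The two properties debated in this thread, non-executable writable memory and address space randomization, can both be checked from a process's `/proc/<pid>/maps` output. The following is an added example, not part of the original message; the map snapshots are constructed and the function names are hypothetical.

```python
import re

# Constructed snapshots of /proc/<pid>/maps for the same program on two runs.
RUN_A = """\
08048000-0804c000 r-xp 00000000 03:01 1234 /bin/demo
0804c000-0804d000 rw-p 00004000 03:01 1234 /bin/demo
0804d000-0806e000 rw-p 00000000 00:00 0 [heap]
b7e12000-b7f40000 r-xp 00000000 03:01 5678 /lib/libc.so.6
bf9a1000-bf9c2000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
08048000-0804c000 r-xp 00000000 03:01 1234 /bin/demo
0804c000-0804d000 rw-p 00004000 03:01 1234 /bin/demo
09a31000-09a52000 rw-p 00000000 00:00 0 [heap]
b7d5a000-b7e88000 r-xp 00000000 03:01 5678 /lib/libc.so.6
bfc10000-bfc31000 rw-p 00000000 00:00 0 [stack]
"""
# Constructed snapshot of a host with no page-protection policy in effect.
LEGACY = """\
0804d000-0806e000 rwxp 00000000 00:00 0 [heap]
bffdf000-c0000000 rwxp 00000000 00:00 0 [stack]
"""
# Fields: start-end perms offset dev inode [pathname]
LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text):
    """Return (start, end, perms, name) for every well-formed maps line."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            start, end, perms, name = m.groups()
            regions.append((int(start, 16), int(end, 16), perms, name))
    return regions

def wx_regions(regions):
    """Mappings that are both writable and executable."""
    return [r for r in regions if "w" in r[2] and "x" in r[2]]

def randomized(text_a, text_b):
    """Per named mapping: did its lowest base address change between runs?"""
    def bases(regions):
        out = {}
        for start, _end, _perms, name in regions:
            if name:  # skip anonymous mappings, which cannot be matched up
                out.setdefault(name, start)
        return out
    a, b = bases(parse_maps(text_a)), bases(parse_maps(text_b))
    return {name: a[name] != b[name] for name in a if name in b}
```

A mapping whose base does not change between runs, such as the main binary in the constructed snapshots, is at a predictable address regardless of what the stack and heap do.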