Re: non-executable stack (via PT_GNU_STACK) not being enforced
--On Sunday, October 10, 2010 9:53 AM -0400 Brchk05 <firstname.lastname@example.org> wrote:
I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the
enforcement of page permissions. I have written a simple program with a
basic buffer overflow and compiled two versions using gcc: one with -z
execstack and another with -z noexecstack.
I could be wrong as I haven't looked at the whole NX/XD thing in detail,
been a while since I've actively done anything of the sort, but, it would
seem to me smashing is not the same as executing on the stack necessarily.
Overwriting/changing returns on the stack via a smash, or clobbering code
via a smash won't be affected by non executable stack, since that's just
changing stack variables, now if your code section is also non-writable,
and your heap is non-executable, you're further protected but you can still
do a return to libc attack. Wikipedia talks about this