[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-executable stack (via PT_GNU_STACK) not being enforced

--On Sunday, October 10, 2010 9:53 AM -0400 Brchk05 <brchk05@aim.com> wrote:

I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the
enforcement of page permissions.  I have written a simple program with a
basic buffer overflow and compiled two versions using gcc: one with -z
execstack and another with -z noexecstack.

I could be wrong as I haven't looked at the whole NX/XD thing in detail, been a while since I've actively done anything of the sort, but, it would seem to me smashing is not the same as executing on the stack necessarily. Overwriting/changing returns on the stack via a smash, or clobbering code via a smash won't be affected by non executable stack, since that's just changing stack variables, now if your code section is also non-writable, and your heap is non-executable, you're further protected but you can still do a return to libc attack. Wikipedia talks about this <http://en.wikipedia.org/wiki/Stack_buffer_overflow#Nonexecutable_stack>

Reply to: