Subject: Re: non-executable stack (via PT_GNU_STACK) not being enforced
--On Sunday, October 10, 2010 9:53 AM -0400 Brchk05 <brchk05@aim.com> wrote:
>
> I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the
> enforcement of page permissions. I have written a simple program with a
> basic buffer overflow and compiled two versions using gcc: one with -z
> execstack and another with -z noexecstack.
>
>
I could be wrong, as I haven't looked at the whole NX/XD thing in detail and
it's been a while since I've actively done anything of the sort, but it would
seem to me that smashing is not necessarily the same as executing on the stack.
Overwriting/changing returns on the stack via a smash, or clobbering code
via a smash, won't be affected by a non-executable stack, since that's just
changing stack variables. Now, if your code section is also non-writable
and your heap is non-executable, you're further protected, but you can still
do a return-to-libc attack. Wikipedia talks about this:
<http://en.wikipedia.org/wiki/Stack_buffer_overflow#Nonexecutable_stack>
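As an added example (not part of the original message or of the thread), the following Python reads the PT_GNU_STACK program header that `-z execstack` and `-z noexecstack` set, so the marking a binary actually carries can be confirmed before looking at enforcement. The function names are illustrative, and `_sample` builds constructed header-only ELF images rather than real binaries.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def gnu_stack_status(elf: bytes) -> str:
    """Return 'executable', 'non-executable' or 'missing' for an ELF image."""
    if len(elf) < 20 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = {1: False, 2: True}.get(elf[4])   # EI_CLASS
    end = {1: "<", 2: ">"}.get(elf[5])       # EI_DATA
    if is64 is None or end is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    # Field offsets in the ELF header differ between the 32-bit and 64-bit layouts.
    if is64:
        phoff, = struct.unpack_from(end + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", elf, off)
        if p_type != PT_GNU_STACK:
            continue
        # p_flags sits right after p_type in ELF64, but at offset 24 in ELF32.
        p_flags, = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
        return "executable" if p_flags & PF_X else "non-executable"
    return "missing"  # no marking: the kernel falls back to its architecture default

def _sample(flags: int, is64: bool = True) -> bytes:
    """Constructed header-only ELF image with a single PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    if is64:
        ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        phdr = struct.pack("<IIQQQQQQ", PT_GNU_STACK, flags, 0, 0, 0, 0, 0, 16)
    else:
        ehdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
        phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, flags, 4)
    return ehdr + phdr

if __name__ == "__main__":
    # RW (0x6) is what -z noexecstack produces; RWE (0x7) is what -z execstack produces.
    for flags, label in ((0x6, "-z noexecstack"), (0x7, "-z execstack")):
        print(label, "->", gnu_stack_status(_sample(flags)))
```

To check a real binary, pass `open(path, "rb").read()` to `gnu_stack_status`.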