--On Sunday, October 10, 2010 9:53 AM -0400 Brchk05 <brchk05@aim.com> wrote:
I am running Debian 2.6.26-21lenny4 and I am puzzled by an issue with the enforcement of page permissions. I have written a simple program with a basic buffer overflow and compiled two versions using gcc: one with -z execstack and another with -z noexecstack.
I could be wrong as I haven't looked at the whole NX/XD thing in detail, been a while since I've actively done anything of the sort, but, it would seem to me smashing is not the same as executing on the stack necessarily. Overwriting/changing returns on the stack via a smash, or clobbering code via a smash won't be affected by non executable stack, since that's just changing stack variables, now if your code section is also non-writable, and your heap is non-executable, you're further protected but you can still do a return to libc attack. Wikipedia talks about this <http://en.wikipedia.org/wiki/Stack_buffer_overflow#Nonexecutable_stack>