From: Ingo Molnar <mingo@redhat.com>
To: "Calin A. Culianu" <calin@ajvar.org>
Cc: Carl-Daniel Hailfinger <c-d.hailfinger.kernel.2003@gmx.net>,
<linux-kernel@vger.kernel.org>
Subject: Re: [Announcement] "Exec Shield", new Linux security feature
Date: Sun, 4 May 2003 04:10:09 -0400 (EDT) [thread overview]
Message-ID: <Pine.LNX.4.44.0305040404300.12757-100000@devserv.devel.redhat.com> (raw)
In-Reply-To: <Pine.LNX.4.33L2.0305040243390.2890-100000@rtlab.med.cornell.edu>
On Sun, 4 May 2003, Calin A. Culianu wrote:
> IIRC, x86 ints have the high-order byte _last_ (ie the fourth byte).
> What's to stop someone from, say, smashing a buffer (and consequently
> return-address) on the stack using something like {0x01, 0x01, 0x01,
> 0x00} which is really address '65793' in base-10. The above is a valid
> ASCII string (3 1's followed by a NUL) which could conceivably end up on
> the stack as the result of an errant strcpy() or gets() or whatever...
you are right, it is possible to use the enclosing \0 to generate an
address into the first 16MB, but how do you get any arguments passed to
that function?
Ingo
next prev parent reply other threads:[~2003-05-04 7:57 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-02 16:37 [Announcement] "Exec Shield", new Linux security feature Ingo Molnar
2003-05-02 17:05 ` Matthias Andree
2003-05-02 17:12 ` Marc-Christian Petersen
2003-05-02 17:12 ` Davide Libenzi
2003-05-02 17:18 ` Arjan van de Ven
2003-05-02 17:32 ` Ingo Molnar
2003-05-02 18:29 ` John Bradford
2003-05-02 18:32 ` H. Peter Anvin
2003-05-02 19:09 ` David Mosberger
2003-05-02 18:51 ` Davide Libenzi
[not found] ` <20030502172011$0947@gated-at.bofh.it>
2003-05-02 18:17 ` Florian Weimer
2003-05-02 18:29 ` Davide Libenzi
2003-05-02 18:32 ` Florian Weimer
2003-05-02 18:50 ` Davide Libenzi
2003-05-02 21:48 ` Carl-Daniel Hailfinger
2003-05-03 6:52 ` Ingo Molnar
2003-05-03 9:56 ` Carl-Daniel Hailfinger
2003-05-03 12:48 ` Arjan van de Ven
2003-05-04 6:52 ` Calin A. Culianu
2003-05-04 8:10 ` Ingo Molnar [this message]
2003-05-04 8:52 ` Ingo Molnar
2003-05-04 15:40 ` Calin A. Culianu
2003-05-04 15:48 ` Sean Neakums
2003-05-04 15:23 ` Calin A. Culianu
2003-05-04 20:07 ` H. Peter Anvin
2003-05-04 20:57 ` Kasper Dupont
2003-05-05 16:20 ` [patch] exec-shield-2.4.21-rc1-C5 Ingo Molnar
[not found] <Pine.LNX.4.44.0305021325130.6565-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
[not found] ` <200305021829.h42ITclA000178@81-2-122-30.bradfords.org.uk.suse.lists.linux.kernel>
[not found] ` <b8udjm$cgq$1@cesium.transmeta.com.suse.lists.linux.kernel>
2003-05-02 20:51 ` [Announcement] "Exec Shield", new Linux security feature Andi Kleen
2003-05-02 20:56 ` H. Peter Anvin
2003-05-02 21:07 ` Andi Kleen
2003-05-02 21:09 ` H. Peter Anvin
2003-05-02 21:25 ` Andi Kleen
2003-05-02 22:46 Chuck Ebbert
2003-05-03 13:19 linux
2003-05-03 23:00 ` Valdis.Kletnieks
2003-05-04 7:03 ` Calin A. Culianu
2003-05-04 8:49 ` Arjan van de Ven
2003-05-05 13:35 ` Jesse Pollard
2003-05-04 15:24 ` linux
2003-05-04 11:19 Yoav Weiss
2003-05-04 13:51 ` Ingo Molnar
2003-05-04 14:25 Chuck Ebbert
2003-05-04 22:22 ` Richard Henderson
2003-05-05 0:41 ` H. Peter Anvin
[not found] <Pine.LNX.4.44.0305040404300.12757-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
[not found] ` <Pine.LNX.4.44.0305040448250.24497-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
2003-05-04 15:48 ` Andi Kleen
2003-05-04 16:20 Yoav Weiss
2003-05-04 23:55 Chuck Ebbert
2003-05-05 3:14 ` H. Peter Anvin
2003-05-05 7:14 Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.44.0305040404300.12757-100000@devserv.devel.redhat.com \
--to=mingo@redhat.com \
--cc=c-d.hailfinger.kernel.2003@gmx.net \
--cc=calin@ajvar.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).