Date: Fri, 2 May 2003 11:29:11 -0700 (PDT)
From: Davide Libenzi
To: Florian Weimer
cc: Linux Kernel Mailing List
Subject: Re: [Announcement] "Exec Shield", new Linux security feature
In-Reply-To: <87llxp43ii.fsf@deneb.enyo.de>
References: <87llxp43ii.fsf@deneb.enyo.de>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 2 May 2003, Florian Weimer wrote:

> Davide Libenzi writes:
>
> > Ingo, do you want protection against shell code injection ? Have the
> > kernel to assign random stack addresses to processes and they won't be
> > able to guess the stack pointer to place the jump.
>
> If your software is broken enough to have buffer overflow bugs, it's
> not entirely unlikely that it leaks the stack address as well (IIRC,
> BIND 8 did).

Leaking the stack address is not a problem in this case, since the next
run will be very->very->very likely different.

- Davide
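
The per-run behaviour discussed in this exchange can be measured on a current Linux host with the following added example, which is not part of the original message or of the Exec Shield patch. It reads the `[stack]` mapping from `/proc/self/maps` in freshly exec()ed processes (the "next run" case) and in fork()ed children of one process, which keep the parent's layout; `SAMPLE_MAPS` is constructed and the function names are this example's own.

```python
import os
import subprocess
import sys

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a21000 rw-p 00000000 00:00 0                          [heap]
7ffc3a1de000-7ffc3a1ff000 rw-p 00000000 00:00 0                          [stack]
7ffc3a3f2000-7ffc3a3f6000 r--p 00000000 00:00 0                          [vvar]
"""

def stack_top(maps_text):
    """Return the end address of the [stack] mapping, or None if absent."""
    for line in maps_text.splitlines():
        fields = line.split()
        if fields and fields[-1] == "[stack]":
            return int(fields[0].split("-")[1], 16)
    return None

def exec_samples(n):
    """Stack top of n freshly exec()ed interpreters; each run gets a new layout."""
    cmd = [sys.executable, "-c", "print(open('/proc/self/maps').read())"]
    runs = [subprocess.run(cmd, capture_output=True, text=True, check=True) for _ in range(n)]
    return [stack_top(r.stdout) for r in runs]

def fork_samples(n):
    """Stack top seen by n fork()ed children; fork copies the parent's layout."""
    out = []
    for _ in range(n):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # child: report its own stack top, then exit immediately
            try:
                os.write(w, str(stack_top(open("/proc/self/maps").read())).encode())
            finally:
                os._exit(0)
        os.close(w)
        data = os.read(r, 64).decode()
        os.close(r)
        os.waitpid(pid, 0)
        out.append(int(data) if data.isdigit() else None)
    return out

def summarize(samples):
    """Return (number of distinct addresses, number of samples)."""
    return len(set(samples)), len(samples)

if __name__ == "__main__":
    print("exec: %d distinct stack tops in %d runs" % summarize(exec_samples(8)))
    print("fork: %d distinct stack tops in %d children" % summarize(fork_samples(8)))
```

With stack randomization active, the exec line reports many distinct values while the fork line reports one, so an address disclosed by a forking daemon stays valid for its sibling children until the daemon itself is restarted.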