Re: 2nd Linux kernel patch to remove stack exec

Bryan Reece (reece@TAZ.NCEYE.NET)
Sun, 13 Apr 1997 18:04:30 +0000

Wouldn't it be a better idea to patch crt0 and the function entry and
exit code to generate a magic cookie a word or so long at startup,
write this cookie just below the return address on entry, and test it
before returning, dying horribly if it's not correct anymore? This
would seem to prevent all exploits involving strcpy and similar, even
those not involving branches to the stack, provided the cookie is
unguessable. Something like /dev/urandom would be best, but a hash of
pid, gettimeofday, argv, and a compiler-generated seed would be better
than nothing.

--
             I wouldn't touch ActiveX with a 10-foot polecat.
           I might, however, let one loose on the developers.
                               --cddukes at eos dot ncsu.edu
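
The scheme proposed in this message, sketched as an added example that is not part of the original post: a cookie generated once at startup, written just below the return address on entry, and tested before returning. The frame is simulated as a byte array so the overflow stays well-defined; the names `cookie_init` and `guarded_call`, the frame layout and all constants are assumptions, and a real implementation would abort the process where this returns -1.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

/* Simulated frame (assumed layout, low to high addresses):
 * [ 16-byte buffer ][ 8-byte cookie ][ 8-byte return address ] */
enum { BUF_LEN = 16, COOKIE_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };
static uint64_t g_cookie;              /* set once at startup, as crt0 would */

/* Prefer /dev/urandom; otherwise hash pid, gettimeofday and a build seed. */
static void cookie_init(void) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        ssize_t n = read(fd, &g_cookie, sizeof g_cookie);
        close(fd);
        if (n == (ssize_t)sizeof g_cookie) return;
    }
    struct timeval tv;
    gettimeofday(&tv, NULL);
    uint64_t h = 0x9e3779b97f4a7c15ULL;          /* constructed seed value */
    h = (h ^ (uint64_t)getpid()) * 0x100000001b3ULL;
    h = (h ^ (uint64_t)tv.tv_sec) * 0x100000001b3ULL;
    g_cookie = (h ^ (uint64_t)tv.tv_usec) * 0x100000001b3ULL;
}

/* Returns 0 if the cookie survived the copy, -1 if it was clobbered. */
static int guarded_call(const char *input) {
    unsigned char frame[FRAME_LEN];
    uint64_t ret_addr = 0x1122334455667788ULL, seen;   /* constructed */
    if (!g_cookie) cookie_init();
    memcpy(frame + COOKIE_OFF, &g_cookie, sizeof g_cookie);  /* entry code */
    memcpy(frame + RET_OFF, &ret_addr, sizeof ret_addr);
    size_t n = strlen(input) + 1;      /* strcpy-like: ignores BUF_LEN ... */
    if (n > FRAME_LEN) n = FRAME_LEN;  /* ... clamped only to keep demo defined */
    memcpy(frame, input, n);
    memcpy(&seen, frame + COOKIE_OFF, sizeof seen);          /* exit code */
    return seen == g_cookie ? 0 : -1;
}

int main(void) {
    printf("fits in buffer: %d\n", guarded_call("hello"));
    printf("overruns buffer: %d\n", guarded_call("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

The check fires on any linear overwrite that reaches the return address, whether or not control would have gone to the stack, which is the property the message argues for.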