Re: 2nd Linux kernel patch to remove stack exec
Bryan Reece (reece@TAZ.NCEYE.NET)
Sun, 13 Apr 1997 18:04:30 +0000
Wouldn't it be a better idea to patch crt0 and the function entry and
exit code to generate a magic cookie a word or so long at startup,
write this cookie just below the return address on entry, and test it
before returning, dying horribly if it's not correct anymore? This
would seem to prevent all exploits involving strcpy and similar, even
those not involving branches to the stack, provided the cookie is
unguessable. Something like /dev/urandom would be best, but a hash of
pid, gettimeofday, argv, and a compiler-generated seed would be better
than nothing.
--
I wouldn't touch ActiveX with a 10-foot polecat.
I might, however, let one loose on the developers.
--cddukes at eos dot ncsu.edu