Date: Sun, 21 Jun 1998 23:19:50 -0700
From: David Greenman <dg@root.com>
To: Nicholas Charles Brawn <ncb05@uow.edu.au>
Cc: security@FreeBSD.ORG, bde@FreeBSD.ORG, peter@FreeBSD.ORG
Subject: Re: non-executable stack?
Message-ID: <199806220619.XAA16784@implode.root.com>
In-Reply-To: Your message of "Sat, 20 Jun 1998 21:21:14 +1000." <Pine.SOL.3.96.980620211437.13013A-100000@banshee.cs.uow.edu.au>

>I was pondering the following after reading about Solaris 2.6's
>non-executable stack option.
>
>1. How feasible is it to implement a non-executable stack kernel option?
>2. If it *is* feasible, what do people think of a sysctl-based interface
>to enable/disenable it?
>3. If both 1 & 2 were implemented, how about making it impossible to
>disenable at say.. securelevel >= 1?
>
>If I remember the discussions on bugtraq right, a non-exec patch isn't a
>cure-all for buffer overflow attacks. However it would be an overall
>security enhancement and prevent many script-based attacks.
>
>What are people's thoughts on this?

I believe that making the stack non-exec will break the signal trampoline
in FreeBSD. Although this may have changed in recent times without me
noticing. Bruce? Peter?

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project