Date: Sun, 19 Jul 1998 16:18:22 -0600
From: Brett Glass <brett@lariat.org>
To: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <199807192218.QAA03558@lariat.lariat.org>

At 10:43 PM 7/19/98 +0000, you wrote:

>Making the stack non executable doesn't stop buffer overflow attacks;
>see www.geek-girl.com/bugtraq/ for more information.

It should stop most of them. I could imagine a situation where one
subverted a program by changing its data (for example, one could force
commands into an interpreter by putting them into higher stack frames).
However, the most common method seems to be to plant a bogus return
address that points to machine code that does the cracker's bidding.

--Brett