NX (No eXecute) support for x86, 2.6.7-rc2-bk2
20 years 1 month ago #5382
by dchri
"The distance between genius and insanity is measured only by success." --
NX (No eXecute) support for x86, 2.6.7-rc2-bk2 was created by dchri
Hmm, I think that this is the start of the death of buffer overflow on stack attacks.
The only catch is to upgrade to a newer processor!
Read carefully ....
www.uwsg.indiana.edu/hypermail/linux/kernel/0406.0/0497.html
20 years 1 month ago #5385
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: NX (No eXecute) support for x86, 2.6.7-rc2-bk2
Well not really.. lots of architectures have had non-executable stacks for a long time, not to mention that there were even patches for the same... however this will not kill off buffer overflows..
Simple reason -- this just prevents code from being executed on the stack.. it will not prevent buffer overflows (the condition of unchecked input being copied to an undersized memory space)... the 'classic' buffer overflow relied on the executable code being contained in the buffer... in other words, on the stack..
Now with NX, an attacker will just have to store his executable code elsewhere -- for example he can use return to libc style attacks, or even easier, in an environment variable....
There is only one way to stop a bof, that's to check the size of the input you copy.....
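The size check called for in the reply above, as an added C example that is not part of the original thread: an unchecked copy into a stack buffer next to a checked one that rejects oversized or unterminated input. The names `copy_unchecked`, `copy_checked` and `try_copy`, the 16-byte buffer and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked copy, the condition the reply describes: input longer than buf
 * overwrites adjacent stack memory whether or not the stack is executable.
 * Shown for contrast only; nothing in this file calls it. */
void copy_unchecked(const char *input)
{
    char buf[16];
    strcpy(buf, input);              /* no size check */
    (void)buf;
}

/* Checked copy (hypothetical helper). Returns 0 on success, -1 if src plus
 * its NUL does not fit in dst or no NUL is found within src_max bytes.
 * It rejects rather than truncates; on failure dst is left untouched. */
int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_max)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *nul = memchr(src, '\0', src_max);   /* bounded scan */
    if (nul == NULL)
        return -1;                   /* unterminated input */
    size_t len = (size_t)(nul - src);
    if (len >= dst_size)
        return -1;                   /* would overflow dst */
    memcpy(dst, src, len + 1);       /* len + 1 <= dst_size */
    return 0;
}

/* Copies input into a 16-byte stack buffer through the checked path.
 * Returns 0 if copied intact, -1 if rejected, -2 if the copy differs. */
int try_copy(const char *input, size_t input_max)
{
    char buf[16];
    if (copy_checked(buf, sizeof buf, input, input_max) != 0)
        return -1;
    return strcmp(buf, input) == 0 ? 0 : -2;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that is too long. */
    printf("fits:     %d\n", try_copy("hello", 6));
    printf("too long: %d\n", try_copy("AAAAAAAAAAAAAAAAAAAAAAAA", 25));
    return 0;
}
```

The checked path behaves the same with or without NX, because the oversized input never reaches the buffer.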