On Wed, 6 Nov 2002 04:39, you wrote:
> x86 alas doesn't support page level "no execute". Other platforms do and
> can run with nonexec stacks. People still exploit them. The libraries
> are mostly mapped read only on Linux, people don't need to modify them.
> You put arguments on the stack, and corrupt the return code to call the
> right C library function.

In IA32, you cannot execute stack-segment code.

Because of the way Linux (and other OSes) are designed, with a single address
space per process, the stack segment and code segment are the same storage,
and that's how you get to put executable code on the stack and have it
execute.




--
Cheers
John Summerfield


Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
Join the "Linux Support by Small Businesses" list at
http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
