> On Linux, they use INT 80 system calls to execute functions in the kernel > as root, when the stack is smashed as a result of a buffer overflow bug in > various server software. > > This preliminary, small patch prevents execution of system calls which > were executed from a writable segment. It was tested and seems to work, > without breaking anything. It also reports of such calls by using printk. And I swap the int80 for a jmp to an int80 at a predictable location in ld.so If you are going to do stack tricks then look at Solar Designers patches, he has at least worked through the issues and even thought about using null bytes in jump targets for libraries to stop some operations (string stuff) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] Please read the FAQ at http://www.tux.org/lkml/
- Re: [RFC] prevention of syscall... Gerhard Mack
- Re: [RFC] prevention of sys... Dan Hollis
- Re: [RFC] prevention of sys... Gerhard Mack
- Re: [RFC] prevention of sys... Dan Hollis
- Re: [RFC] prevention of sys... Gerhard Mack
- Re: [RFC] prevention of syscalls from writable s... Andi Kleen
- Re: [RFC] prevention of syscalls from writable segmen... Erik Mouw
- Re: [RFC] prevention of syscalls from writable segmen... Nicolas Noble
- Re: [RFC] prevention of syscalls from writable segmen... Jeff Dike
- Re: [RFC] prevention of syscalls from writable segmen... Dan Aloni
- Re: [RFC] prevention of syscalls from writable segmen... Alan Cox
- Re: [RFC] prevention of syscalls from writable segmen... David Huggins-Daines
- Re: [RFC] prevention of syscalls from writable s... Andi Kleen
- Re: [RFC] prevention of syscalls from writab... David Huggins-Daines
- Re: [RFC] prevention of syscalls from writable segmen... Pavel Machek
- Re: [RFC] prevention of syscalls from writable segmen... Mark Zealey
