Green, Paul wrote:
However, on a chip that does distinguish areas of virtual memory that are code, and areas that are data, and further disallows execution of data (absent a specific operating system call to change the access mode of that region of virtual memory), it seems to me that it would be almost impossible for even a highly skilled attacker to inject binary specific code. I consider myself highly skilled on the Stratus VOS operating system and I can't for the life of me see how I could get the HP PA-RISC microprocessor to execute code that came down the wire as data.
I'm inclined to think you're right: if I set stack and data spaces non-executable on my machine (a SPARC), it makes it distinctly harder to build a stack-overflow exploit. The writer can't insert a return address in the code he's added, but instead has to run something that already exists in the address space.
In addition, if the code space is protected, it's hard for the attacker to put exploit code there.
Intel and Samba experts, can you expand on this?
--dave
--
David Collier-Brown,           | Always do right. This will gratify
Sun Microsystems DCMO          | some people and astonish the rest.
Toronto, Ontario               |
(905) 415-2849 or x52849       | [EMAIL PROTECTED]
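
A way to check the property discussed above (stack and data regions not executable) on a running process, as an added example that is not part of the original thread. It assumes the Linux `/proc/<pid>/maps` text format rather than the SPARC or VOS systems the posters mention; `audit_maps` and `SAMPLE_MAPS` are hypothetical names, and the sample mappings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from the thread). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 1234 /usr/bin/demo\n"
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0 \n"
    "7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable, i.e. places where
 * bytes written as data could later run. Sets *stack_exec to 1 if the
 * [stack] mapping has the x bit. Returns -1 on a malformed line. */
int audit_maps(const char *text, int *stack_exec)
{
    int wx = 0;
    *stack_exec = 0;
    while (*text) {
        const char *eol = strchr(text, '\n');
        if (!eol) eol = text + strlen(text);
        if (eol > text) {
            char perms[5];
            /* Line layout: start-end perms offset dev inode [path] */
            if (sscanf(text, "%*[0-9a-fA-F]-%*[0-9a-fA-F] %4s", perms) != 1
                || strlen(perms) != 4)
                return -1;
            const char *tag = strstr(text, "[stack]");
            int x = (perms[2] == 'x');
            if (perms[1] == 'w' && x) wx++;
            if (x && tag && tag < eol) *stack_exec = 1;
        }
        text = *eol ? eol + 1 : eol;
    }
    return wx;
}

int main(void)
{
    static char buf[1 << 16];
    const char *src = SAMPLE_MAPS;          /* fallback when /proc is absent */
    int stack_exec;
    FILE *f = fopen("/proc/self/maps", "r"); /* Linux only */
    if (f) {
        buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
        fclose(f);
        src = buf;
    }
    int wx = audit_maps(src, &stack_exec);
    printf("W+X mappings: %d, executable stack: %s\n",
           wx, stack_exec ? "yes" : "no");
    return wx != 0 || stack_exec;
}
```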