, David Laight <david@l8s.co.uk>
From: TAMURA Kent <kent@netbsd.org>
List: tech-userlevel
Date: 07/04/2002 13:50:12
In message "Re: exploit with memcpy()"
on 02/07/02, Jason R Thorpe <thorpej@wasabisystems.com> writes:
> > OTOH maybe stopping the stack being executable would be a better
> > ploy for catching the effects of undersize onstack data buffers.
> > (at least then you can only jump to code that exists in the
> > program being executed.)
>
> That is precisely one of the reasons I'm working on my signals changes.
It is interesting.
I have heard gcc generates trampoline code on the stack in some cases.
I guess much exploit code calls syscalls directly, that is, "int
$0x80" on i386. To prohibit calling syscalls from stack code
would be sufficient.
--
TAMURA Kent <kent2002@hauN.org> <kent@netbsd.org>
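The thread above is about making the stack non-executable. On Linux the loader decides that per binary from the PT_GNU_STACK program header (gcc nested-function trampolines, which Kent mentions, are the classic reason a toolchain marks a binary as needing an executable stack). The following checker is an added example written for this page, not code from the original mail or from NetBSD; it parses the ELF program headers directly so it needs no readelf, and the sample ELF images it inspects are constructed inline (they are not loadable binaries). The PT_GNU_STACK/PF_* constants are the real ELF values; the "missing header means executable" fallback mirrors the Linux legacy default and is deliberately conservative.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551   # program header type that carries the stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def gnu_stack_flags(elf: bytes):
    """Return p_flags of the PT_GNU_STACK header, or None when the binary has none.
    Handles ELF32/ELF64 and both byte orders."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]          # 1/2 = 32/64-bit, 1/2 = LE/BE
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:                            # ELF64 header layout
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    elif ei_class == 1:                          # ELF32 header layout
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    else:
        raise ValueError("bad EI_CLASS")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if ei_class == 2:                        # Elf64_Phdr: p_type, p_flags first
            p_type, p_flags = struct.unpack_from(end + "II", elf, off)
        else:                                    # Elf32_Phdr: p_flags sits at +24
            (p_type,) = struct.unpack_from(end + "I", elf, off)
            (p_flags,) = struct.unpack_from(end + "I", elf, off + 24)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None


def stack_executable(elf: bytes) -> bool:
    """True when the loader would map this binary's stack executable.
    A missing PT_GNU_STACK is treated as executable (the Linux legacy default)."""
    flags = gnu_stack_flags(elf)
    return True if flags is None else bool(flags & PF_X)


def describe_stack(elf: bytes) -> str:
    flags = gnu_stack_flags(elf)
    if flags is None:
        return "no PT_GNU_STACK: loader falls back to a legacy executable stack"
    perms = "".join(c if flags & bit else "-"
                    for c, bit in (("r", PF_R), ("w", PF_W), ("x", PF_X)))
    state = "IS executable" if flags & PF_X else "is not executable"
    return f"PT_GNU_STACK {perms}: stack {state}"


def build_sample_elf64(stack_flags=None) -> bytes:
    """Constructed sample: a minimal little-endian ELF64 image (x86-64, ET_EXEC)
    whose only program header is PT_GNU_STACK with the given flags, or no program
    headers at all when stack_flags is None. Not loadable; for the checker only."""
    phnum = 0 if stack_flags is None else 1
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    header = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 0x3E, 1,            # e_type ET_EXEC, e_machine EM_X86_64, e_version
        0,                     # e_entry
        64 if phnum else 0,    # e_phoff: program headers follow the 64-byte header
        0, 0,                  # e_shoff, e_flags
        64, 56, phnum,         # e_ehsize, e_phentsize, e_phnum
        64, 0, 0)              # e_shentsize, e_shnum, e_shstrndx
    phdrs = b""
    if phnum:
        phdrs = struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return header + phdrs


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # inspect real binaries given on argv
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(f"{path}: {describe_stack(f.read())}")
    else:                                        # otherwise show the constructed samples
        for label, img in (("rw- sample", build_sample_elf64(PF_R | PF_W)),
                           ("rwx sample", build_sample_elf64(PF_R | PF_W | PF_X)),
                           ("no-header sample", build_sample_elf64(None))):
            print(f"{label}: {describe_stack(img)}")
```

Run it against real binaries (`python3 check_stack.py /usr/bin/*`) to spot anything that requests an executable stack; `readelf -lW <file>` shows the same GNU_STACK line. A binary that reports `rwx` or has no PT_GNU_STACK at all is the case where a non-executable stack policy would be silently disabled for that process, so it is the one worth investigating.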