Subject: Re: read {write,only} stack
To: Brett Lymn <blymn@baea.com.au>
From: Paul B Dokas <dokas@cs.umn.edu>
List: current-users
Date: 08/20/1997 12:18:28

On Wed, 20 Aug 1997, Brett Lymn wrote:
> According to Carl S Shapiro:
> >
> >Is there any way to prevent the stack from being executable?
>
> For the i386 architecture there were some Linux hacks that would stop
> the stack being executable - dunno how portable they would be, if at
> all. You need to be careful about doing this though as the changes
> are more than just a kernel hack. IIRC gcc relies on an executable
> stack for some of its trampoline code which means that some things
> could break with a non-executable stack. The up side is that it does
> provide a convenient method of preventing the fixed-buffer overrun type
> exploits that are currently fashionable in the cracker community.

I was wondering about this last night. Wouldn't it be enough to make
the stack non-executable for setuid binaries only? That way, all non-setuid
programs continue to work, but quite a few security holes are plugged.

Paul
--
Paul Dokas dokas@cs.umn.edu
======================================================================
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."
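
Added example, not part of the original message or of any project's code: the gcc trampoline dependency mentioned in the quoted text, shown with a GNU C nested function whose address is passed to an ordinary callback consumer. It assumes GCC with its default stack-based trampolines; the names `apply` and `trampoline_demo` are made up for this illustration.

```c
/* Builds with GCC only: nested functions are a GNU C extension. */
#include <stdint.h>
#include <stdio.h>

/* Ordinary callback consumer: it only ever sees a plain function pointer. */
static int apply(int (*fn)(int), int x)
{
    return fn(x);
}

/* Calls a nested function through a pointer and stores its result in
 * *result. Returns 1 if the pointer value lies within one page of a local
 * variable of this frame, i.e. the "function" being called is a small code
 * stub (the trampoline) that GCC wrote onto the stack at run time. */
int trampoline_demo(int bias, int x, int *result)
{
    int frame_marker = bias;   /* local captured by the nested function */

    /* Reads a local of the enclosing frame, so it needs a static chain. */
    int add_bias(int v)
    {
        return v + frame_marker;
    }

    /* Taking the address forces GCC to build a trampoline in this frame:
     * a stub that loads the static chain and jumps to add_bias. */
    int (*fn)(int) = add_bias;
    *result = apply(fn, x);    /* executes instructions located on the stack */

    uintptr_t code  = (uintptr_t)fn;
    uintptr_t local = (uintptr_t)&frame_marker;
    uintptr_t gap   = code > local ? code - local : local - code;
    return gap < 4096;
}

int main(void)
{
    int r = 0;
    int on_stack = trampoline_demo(10, 32, &r);
    printf("result=%d, callback pointer on stack: %s\n",
           r, on_stack ? "yes" : "no");
    return 0;
}
```

With the stack mapped non-executable, the call through `fn` faults instead of returning, which is the breakage the quoted text warns about.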