Source-Changes-D archive


Re: Subject: CVS commit: src/share/mk



On Thu, Nov 12, 2009 at 12:40:54PM +0000, Mindaugas Rasiukevicius wrote:
> Well, I do not really care about this type of philosophical security in the
> kernel, but by estimating the effect, I would say there is more cost than
> benefit - modern x86 machines have a PG_NX bit, which deals with this matter
> in a much better way.

It only prevents attacks where code gets written on the stack. It doesn't
stop attacks which overwrite the return address to point at a random
bit of the code segment.

> And if somebody can smash the kernel stack, then your system is doomed
> anyway..

Yes, but the question is whether the attack can panic the kernel (bad)
or gain root access to your system (very, very bad).

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

