Linus hasn't spoken about this one, to my knowledge - it's different.
Posted May 8, 2003 16:35 UTC (Thu) by dwheeler (guest, #1216)
Parent article: Hardening Linux against buffer overflows
Linus may not realize it, but Ingo's "Exec Shield" patch
is subtly different from the patch Linus rejected long ago.
Linus' objection was that it was fairly easy to modify attacks so
that they would simply call a library service (say system("/bin/sh")).
And, Linus was correct - the old patch was easily worked around.
Ingo's new patch seems to help deal with that. With this new approach,
the library services you want to call are rigged so that they're
either moved to an "unguessable" location, or have a 0 in the address.
Many attacks aren't able to insert bytes with 0 values.
So, Ingo's patch seems to have a leg up on the previous
no-exec patches.
This doesn't mean it's perfect. Perhaps there's another exploit,
and there are attacks which CAN produce zeros (decompression of any
kind, including graphics files, comes to mind). But this one
is worthy of consideration - its concept is an improvement over the old
no-exec patch.
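An added illustration of the comment's point, not part of the original post or of the Exec Shield patch: it measures how much of an input survives a C-string copy versus a length-delimited copy (as a decompressor would perform) when the input carries an address containing a zero byte. The buffer layout and the sample addresses are constructed, and addresses are assumed to be 32-bit and stored little-endian.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAD  16                 /* filler bytes before the address (constructed) */
#define TAIL 4                  /* input bytes that follow the address */
#define LEN  (PAD + 4 + TAIL)   /* total input length without terminator */

/* Build the constructed input for addr, copy it, and return how many
 * leading input bytes arrive unchanged in the destination. */
static size_t delivered(uint32_t addr, int string_copy) {
    unsigned char in[LEN + 1], dst[LEN + 1];
    size_t n = 0;

    memset(in, 'A', PAD);
    for (int i = 0; i < 4; i++)              /* little-endian encoding */
        in[PAD + i] = (unsigned char)(addr >> (8 * i));
    memset(in + PAD + 4, 'B', TAIL);
    in[LEN] = 0;                             /* keeps strcpy well defined */

    memset(dst, 0xEE, sizeof dst);           /* marker for untouched bytes */
    if (string_copy)
        strcpy((char *)dst, (const char *)in);   /* ends at first 0x00 */
    else
        memcpy(dst, in, LEN);                    /* copies all LEN bytes */

    while (n < LEN && in[n] == dst[n])
        n++;
    return n;
}

/* C-string semantics: everything after the first zero byte is dropped. */
size_t via_string_copy(uint32_t addr) { return delivered(addr, 1); }

/* Length-delimited semantics: zero bytes are copied like any other byte. */
size_t via_length_copy(uint32_t addr) { return delivered(addr, 0); }

int main(void) {
    /* Constructed sample addresses: no zero byte, zero top byte, zero inside. */
    uint32_t samples[] = { 0x40123456u, 0x00123456u, 0x08004321u };
    for (size_t i = 0; i < 3; i++)
        printf("0x%08x: string copy %zu/%d bytes, length copy %zu/%d bytes\n",
               (unsigned)samples[i], via_string_copy(samples[i]), LEN,
               via_length_copy(samples[i]), LEN);
    return 0;
}
```
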