[PLUG] First JPEG virus is out there
Daggett, Steve
Steve.Daggett at fiserv.com
Wed Sep 29 10:49:02 UTC 2004
Randal wrote:
>
> >>>>> "Steve" == Daggett, Steve <Steve.Daggett at fiserv.com> writes:
>> `smash the stack` [C programming] n. On many C implementations
>> it is possible to corrupt the execution stack by writing past
>> the end of an array declared auto in a routine. Code that does
>> this is said to smash the stack, and can cause return from the
>> routine to jump to a random address.
<SNIPAGE>
>
> And virtually impossible in OpenBSD now, thanks to W^X,
> randomized stack pointers, sentry elements on the stack, and
> randomized order of dynloading.
>
> Yeay, OpenBSD. Helping me sleep at night once again.
There are also assorted non-executable stack patches for Linux and GCC
that do the same kind of thing, including Crispin's Immunix StackGuard.

Newer Intel and AMD CPUs include a technology called Data Execution
Prevention (DEP). DEP allows specific memory pages to be marked
non-executable. There is apparently work being done in the Linux kernel to
support DEP. M$ XP is also moving to DEP-based stack protection.
Steve D...
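
The W^X and DEP protections discussed in this thread show up on a Linux host as page permissions in /proc/<pid>/maps, where a stack mapping without the x bit is a non-executable stack. The following checker is an added example, not part of the original post; the sample map lines and the names audit_maps and wx_report are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in Linux /proc/<pid>/maps format (not from a real host). */
static const char *MAPS_NX_STACK =
    "00400000-0040b000 r-xp 00000000 08:01 1311 /bin/demo\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 1311 /bin/demo\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0 \n"
    "7ffc1b2e0000-7ffc1b301000 rw-p 00000000 00:00 0 [stack]\n";
static const char *MAPS_EXEC_STACK =
    "00400000-0040b000 r-xp 00000000 08:01 1311 /bin/demo\n"
    "7ffc1b2e0000-7ffc1b301000 rwxp 00000000 00:00 0 [stack]\n";

struct wx_report {
    int mappings;    /* well-formed lines parsed */
    int wx_mappings; /* mappings that are both writable and executable */
    int stack_exec;  /* 1 = [stack] executable, 0 = not, -1 = no [stack] line */
};

/* Parse maps text line by line and record W^X violations. */
struct wx_report audit_maps(const char *maps)
{
    struct wx_report r = {0, 0, -1};
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t len = eol ? (size_t)(eol - maps) : strlen(maps);
        const char *next = eol ? eol + 1 : maps + len;
        char line[512], perms[8];
        unsigned long long lo, hi;

        if (len >= sizeof line)
            len = sizeof line - 1;   /* truncate over-long lines safely */
        memcpy(line, maps, len);
        line[len] = '\0';
        if (sscanf(line, "%llx-%llx %7s", &lo, &hi, perms) == 3 &&
            strlen(perms) == 4 && lo < hi) {
            int w = perms[1] == 'w', x = perms[2] == 'x';
            r.mappings++;
            r.wx_mappings += (w && x);
            if (strstr(line, "[stack]"))
                r.stack_exec = x;
        }
        maps = next;
    }
    return r;
}

int main(void)
{
    struct wx_report a = audit_maps(MAPS_NX_STACK), b = audit_maps(MAPS_EXEC_STACK);
    printf("nx sample:   %d maps, %d W+X, stack_exec=%d\n", a.mappings, a.wx_mappings, a.stack_exec);
    printf("exec sample: %d maps, %d W+X, stack_exec=%d\n", b.mappings, b.wx_mappings, b.stack_exec);
    return 0;
}
```

In the first sample the stack is non-executable, but the anonymous rwxp region is still counted as a W^X violation, which is the kind of mapping a strict W^X policy refuses.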