[PLUG] First JPEG virus is out there
Galen Seitz
galens at seitzassoc.com
Wed Sep 29 11:50:03 UTC 2004
Daggett, Steve <Steve.Daggett at fiserv.com> wrote:
>
> Randal wrote:
> >
> > >>>>> "Steve" == Daggett, Steve <Steve.Daggett at fiserv.com> writes:
> >> `smash the stack` [C programming] n. On many C implementations
> >> it is possible to corrupt the execution stack by writing past
> >> the end of an array declared auto in a routine. Code that does
> >> this is said to smash the stack, and can cause return from the
> >> routine to jump to a random address.
> <SNIPAGE>
> >
> > And virtually impossible in OpenBSD now, thanks to W^X,
> > randomized stack pointers, sentry elements on the stack, and
> > randomized order of dynloading.
> >
> > Yeay, OpenBSD. Helping me sleep at night once again.
>
> There are also assorted non-executable stack patches for Linux and GCC
> that do the same kind of thing, including Crispin's Immunix StackGuard.
>
> Newer Intel and AMD CPUs include a technology called Data Execution
> Prevention (DEP). DEP allows specific memory pages to be marked
> non-executable. There is apparently work being done in the Linux kernel to
> support DEP. M$ XP is also moving to DEP-based stack protection.
>
Which begs the question, "What took them so long?" PowerPC parts have
always had an execute bit in their MMU.
galen
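
The thread above mentions W^X and non-executable stacks. As an added example (not part of the original thread), this C sketch audits a Linux `/proc/<pid>/maps` listing for mappings that are both writable and executable and for an executable `[stack]`. The sample listing and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not captured from a real host). */
static const char SAMPLE[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /bin/cat\n"
    "0060b000-0060c000 rw-p 0000b000 08:01 1234 /bin/cat\n"
    "7f0000000000-7f0000001000 rwxp 00000000 00:00 0 \n"
    "7ffc00000000-7ffc00021000 rw-p 00000000 00:00 0 [stack]\n";

/* Parse the "rwxp" field of one maps line; returns 0 on success, -1 if malformed. */
static int parse_perms(const char *line, int *w, int *x)
{
    char perms[5] = {0};
    if (sscanf(line, "%*[0-9a-f]-%*[0-9a-f] %4s", perms) != 1 || strlen(perms) != 4)
        return -1;
    *w = (perms[1] == 'w');
    *x = (perms[2] == 'x');
    return 0;
}

/* Walk a maps-format buffer. stack_only == 0: count writable+executable mappings.
   stack_only != 0: count executable [stack] mappings. */
static int scan_maps(const char *text, int stack_only)
{
    int hits = 0;
    char line[512];
    while (*text) {
        size_t n = strcspn(text, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        int w, x;
        memcpy(line, text, c);
        line[c] = '\0';
        text += n + (text[n] == '\n');   /* step past the newline if present */
        if (parse_perms(line, &w, &x) != 0)
            continue;                    /* skip lines that are not mappings */
        if (stack_only ? (x && strstr(line, "[stack]")) : (w && x))
            hits++;
    }
    return hits;
}

int count_wx_violations(const char *text) { return scan_maps(text, 0); }
int stack_is_executable(const char *text) { return scan_maps(text, 1) > 0; }

int main(void)
{
    printf("W+X mappings: %d, executable stack: %s\n",
           count_wx_violations(SAMPLE), stack_is_executable(SAMPLE) ? "yes" : "no");
    return 0;
}
```

To audit a live process, read `/proc/<pid>/maps` into a buffer and pass it to the same two functions.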