[PLUG] First JPEG virus is out there

Galen Seitz galens at seitzassoc.com
Wed Sep 29 11:50:03 PDT 2004

Daggett, Steve <Steve.Daggett at fiserv.com> wrote:

> Randal wrote:
> > 
> > >>>>> "Steve" == Daggett, Steve <Steve.Daggett at fiserv.com> writes:
> >> `smash the stack` [C programming] n. On many C implementations
> >> it is possible to corrupt the execution stack by writing past
> >> the end of an array declared auto in a routine. Code that does
> >> this is said to smash the stack, and can cause return from the
> >> routine to jump to a random address.
> > 
> > And virtually impossible in OpenBSD now, thanks to W^X, 
> > randomized stack pointers, sentry elements on the stack, and 
> > randomized order of dynloading.
> > 
> > Yeay, OpenBSD.  Helping me sleep at night once again.
>   There are also assorted non-executable stack patches for Linux and GCC
> that do the same kind of thing, including Crispin's Immunix StackGuard.
>   Newer Intel and AMD CPUs include a technology called Data Execution
> Prevention (DEP).  DEP allows specific memory pages to be marked
> non-executable.  There is apparently work being done in the Linux kernel to
> support DEP.  M$ XP is also moving to DEP-based stack protection.  

Which begs the question, "What took them so long?"  PowerPC parts have
always had an execute bit in their MMU.
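
An added example, not part of the original post: a small C audit of the per-page execute permission the thread discusses (W^X, DEP). It assumes the Linux /proc/<pid>/maps line format; the sample lines and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lines in Linux /proc/<pid>/maps format (not from the post). */
static const char *SAMPLE_MAPS[] = {
    "00400000-0040b000 r-xp 00000000 08:01 131 /bin/demo",
    "0060a000-0060b000 rw-p 0000a000 08:01 131 /bin/demo",
    "7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0",
    "7ffd1c2e5000-7ffd1c306000 rwxp 00000000 00:00 0 [stack]",
};
#define SAMPLE_COUNT (sizeof SAMPLE_MAPS / sizeof SAMPLE_MAPS[0])

/* 1 if the mapping is writable AND executable, 0 if not, -1 if unparsable. */
int is_wx_mapping(const char *line)
{
    unsigned long long start, end;
    char perms[5] = "";
    if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) != 3)
        return -1;
    if (strlen(perms) != 4)
        return -1;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Counts W+X mappings; sets *stack_exec when the [stack] mapping is executable. */
int audit_maps(const char *const *lines, size_t n, int *stack_exec)
{
    int violations = 0;
    *stack_exec = 0;
    for (size_t i = 0; i < n; i++) {
        char perms[5] = "";
        if (is_wx_mapping(lines[i]) == 1)
            violations++;
        /* Skip the address range token, then read the permission field. */
        if (strstr(lines[i], "[stack]") &&
            sscanf(lines[i], "%*s %4s", perms) == 1 && perms[2] == 'x')
            *stack_exec = 1;
    }
    return violations;
}

int main(void)
{
    int stack_exec;
    int n = audit_maps(SAMPLE_MAPS, SAMPLE_COUNT, &stack_exec);
    printf("W+X mappings: %d, executable stack: %s\n", n, stack_exec ? "yes" : "no");
    return n != 0; /* non-zero exit when any mapping is both writable and executable */
}
```

The same functions can be fed lines read from /proc/self/maps on a live Linux system to confirm the stack is mapped without the execute bit.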

