At 10:43 PM 7/19/98 +0000, you wrote:
>Making the stack non executable doesn't stop buffer overflow attacks;
>see www.geek-girl.com/bugtraq/ for more information.

It should stop most of them. I could imagine a situation where one
subverted a program by changing its data (for example, one could
force commands into an interpreter by putting them into higher
stack frames).

However, the most common method seems to be to plant a bogus return
address that points to machine code that does the cracker's bidding.
--Brett
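
The data-only case mentioned in the message above, as an added example that is not part of the original post: a constructed model of a stack frame in which an unchecked copy changes an adjacent command string without any injected code being executed, next to the bounded copy that rejects the input. The frame layout, field sizes, function names and command strings are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: a 16-byte name buffer followed
 * directly by the command string an interpreter will later run.
 * All names and sizes here are assumptions made for the example. */
#define NAME_LEN 16
#define CMD_LEN  32
#define FRAME_LEN (NAME_LEN + CMD_LEN)

struct frame { unsigned char bytes[FRAME_LEN]; };

static char *frame_name(struct frame *f) { return (char *)f->bytes; }
static char *frame_cmd(struct frame *f)  { return (char *)f->bytes + NAME_LEN; }

static void frame_init(struct frame *f) {
    memset(f->bytes, 0, FRAME_LEN);
    strcpy(frame_cmd(f), "print-report");
}

/* Unchecked copy: ignores NAME_LEN, as strcpy() would. Capped at the
 * frame size only so the model itself stays well-defined C. */
static void set_name_unchecked(struct frame *f, const char *in) {
    size_t n = strlen(in) + 1;
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(f->bytes, in, n);
    f->bytes[FRAME_LEN - 1] = '\0';
}

/* Bounded copy: rejects input that does not fit the name field. */
static int set_name_checked(struct frame *f, const char *in) {
    if (strlen(in) >= NAME_LEN) return -1;
    strcpy(frame_name(f), in);
    return 0;
}
/* Returns 1 if the command field still holds its original value. */
static int cmd_intact(struct frame *f) {
    return strcmp(frame_cmd(f), "print-report") == 0;
}

int main(void) {
    struct frame f;
    const char *in = "AAAAAAAAAAAAAAAAother-command"; /* constructed input */
    frame_init(&f); set_name_unchecked(&f, in);
    printf("unchecked: cmd=\"%s\"\n", frame_cmd(&f));
    frame_init(&f);
    printf("checked: rc=%d cmd=\"%s\"\n", set_name_checked(&f, in), frame_cmd(&f));
    return 0;
}
```

Nothing in the unchecked path depends on the stack being executable, so only the length check protects the command field.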