[ih] Re: OOT: What is a stack?
James P. Salsman
bovik at best.com
Tue Jul 31 13:06:15 PDT 2001
> Date: Tue, 31 Jul 2001 14:57:44 -0400
> From: "David P. Reed" <dpreed at reed.com>
>
> Small issue: Return addresses of calling routines are on the stack, and
> they don't require execute access to exploit. Thus, every fixed length
> buffer is indeed a potential exploit, whether or not you give "execute"
> permission to the stack.
>
> I sense a wish to "blame Microsoft" or "blame Intel" on this one. Blame
> the designers of "C" string handling routines, instead
On the contrary, branching to an arbitrary address is very rarely even
a significant capability in comparison to an executable exploit. It
might work in conjunction with a seperate exploit, but not by its self.
Is there any question that the decsions of operating systems
architects, as to whether they allow code execution from the stack, are
having a significant impact on the history of the internet?
There ought to be a Plumbing and Building Code for Internet-connected
hosts. If your hardware forces you to have an executable stack, then you
need better hardware.
Cheers,
James
More information about the Internet-history
mailing list