[ih] Re: OOT: What is a stack?

James P. Salsman bovik at best.com
Tue Jul 31 13:06:15 PDT 2001

> Date: Tue, 31 Jul 2001 14:57:44 -0400
> From: "David P. Reed" <dpreed at reed.com>
> Small issue: Return addresses of calling routines are on the stack, and 
> they don't require execute access to exploit.  Thus, every fixed length 
> buffer is indeed a potential exploit, whether or not you give "execute" 
> permission to the stack.
> I sense a wish to "blame Microsoft" or "blame Intel" on this one.  Blame 
> the designers of "C" string handling routines, instead

On the contrary, branching to an arbitrary address is very rarely even 
a significant capability in comparison to an executable exploit.  It 
might work in conjunction with a seperate exploit, but not by its self.

Is there any question that the decsions of operating systems 
architects, as to whether they allow code execution from the stack, are 
having a significant impact on the history of the internet?

There ought to be a Plumbing and Building Code for Internet-connected 
hosts. If your hardware forces you to have an executable stack, then you 
need better hardware.


More information about the Internet-history mailing list