Solar Designer. "NonExecutable User Stack." http://www.false.com/security/linux-stack/.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....to hinder an exploit by limiting the memory segments that code can execute in. Solar Designer architected a kernel modification to x86 Linux to prevent execution in stack pages. Exploits will not be able to run their own code if the bu#er resides on the stack (which most bu#er overflows do) [16]. Sun also built an optionally enabled non executable stack into the Sparc version of Solaris. PaX is a x86 Linux kernel modification to mark all data pages non executable, not just stack pages. PaX inhibits heap exploits in addition to stack overflows [14] There are several overflow exploits ....

Solar Designer. "NonExecutable User Stack." http://www.false.com/security/linux-stack/.

....execution of injected code These methods allow step A and B to occur, but disable step C. So code and addresses can be injected into memory and control flow can be transferred to the injected code, but the injected code cannot be executed completely. Solar Designer s non executable stack [14] and intrusion detection, e.g. R. Sekar s [24] and Wenke Lee s [25] intrusion detection methods use this strategy to defend programs against buffer overflow attacks. In Solar Designer s case, they make the stack non executable; so even though control flow can be transferred to the injected code, ....

....code to launch a buffer overflow attack. 6.5 Solar Designer s Non Executable Stack Injecting code into stack and changing a return address to point to it is the most common form of buffer overflow attacks, so making a non executable stack will defeat the above kind of attack. Solar Designer [14], an alias, has written a patch for Linux kernel to make the stack non executable. This kind of patch has a very small performance cost. Besides, since it doesn t need to re compile the source code, users don t need to find the source code to use this new kernel. But the above method only works ....

"Solar Designer". Non-Executable User Stack. http://www.openwall.com/ 17

....the execution of sensitive code: These methods allow step 1 and 2 to occur, but disable step 3. So code and addresses can be injected into memory and control flow can be transferred to the injected code, but the injected code can not be executed completely. Solar Designer s non executable stack [14], intrusion detection, e.g. R. Sekar s intrusion detection [24] and Wenke Lee s [25] intrusion detection, and SCD (System Call Defender) use this strategy to defend programs against buffer overflow attacks. In Solar Designer s case, they make the stack non executable, so even though control flow ....

....code to launch a buffer overflow attack. 6.5 Solar Designer s Non Executable Stack Injecting code into stack and changing a return address to point to it is the most common form of buffer overflow attacks, so making a non executable stack will defeat the above kind of attack. Solar Designer [14], an alias, has written a patch for Linux kernel to make the stack non executable. This kind of patch has a very small performance cost. Besides, since it doesn t need to re compile the source code, users don t need to find the source code to use this new kernel. But the above method only works ....

"Solar Designer". Non-Executable User Stack. http://www.openwall.com/

.... details about the art of writing buffer overflow exploits, we refer the interested reader to the wealth of publications on the issue (e.g. 1, 16] Various pro active and reactive solutions have been proposed that are characterized by different targets, i.e. source or executable code (e.g. [20, 10, 19, 4]) In order to devise a filtering scheme that will protect the system from root compromise via buffer overrun, we characterize the necessary conditions for a buffer overrun to succeed. The critical components of such an attack are the setuid to root program and the possibility of passing ....

Solar Designer, "Non-Executable user stack," http://www.false.com/security/linux-stack/. 6

....program exits, is freed only once, and is not used after it is freed. Violations of these rules produce run time error reports to facilitate debugging, but these reports could become security alerts. Non executable Stack: Casper Dik and Solar Designer produced patches for Solaris [7] and Linux [6], respectively, that make the stack segment of the user s virtual address space nonexecutable. This protects programs from stack smashing attacks, which inject code onto the program s stack, and alter the return address to jump to that code. If the stack is not executable, this attack fails. ....

"Solar Designer". Non-Executable User Stack. http://www.false.com/security/ linux-stack/.

....projects, and compares them against StackGuard. The result is not a conclusion of which approach is better, but rather a description of the different trade offs that each approach provides. 6. 1 Non Executable Stack Solar Designer has developed a Linux patch that makes the stack non executable [6], precisely to address the stack smashing problem. This patch simply makes the stack portion of a user process s virtual address space non executable, so that attack code injected onto the stack cannot be executed. This patch offers the advantages of zero performance penalty, and that programs ....

"Solar Designer". Non-Executable User Stack. http://www.false.com/security/ linux-stack/.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC