LinuxQuestions.org
Old 07-22-2004, 05:51 AM   #1
lelolas
LQ Newbie
 
Registered: Jul 2004
Posts: 1

Rep: Reputation: 0
Non executable stack with Linux -- && 64bit CPU needed?


I was reading about non-executable stack @ netBSD.org.
I found also a kernel patch for non-executable stack @ Openwall.

I read @ netBSD.org that at some specific architectures like AMD64 the non-executable stack is fully supported by the CPU.
In x86 arch there is a software emulation about it. How effective is that?

So my question is :: Is it good to buy an AMD64 and what is the support for non-executable stack for Linux for both AMD64 && x86 ???
 
Old 07-22-2004, 07:01 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 28,396
Blog Entries: 54

Rep: Reputation: 3229
I found also a kernel patch for non-executable stack @ Openwall.
No need to buy a whole new CPU for having non-exec. Have a look at Grsecurity, especially pax.grsecurity.net for info on PAX.
 
Old 07-23-2004, 12:55 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
And for the record, NetBSD actually imported their W^X code from OpenBSD, which does support NX natively with the need for any patches whatsoever. Of course, you did ask specifically for Linux support, so you're stuck with Grsecurity or Openwall.
 
Old 07-23-2004, 11:07 PM   #4
GodSendDeath
Member
 
Registered: Mar 2004
Posts: 71

Rep: Reputation: 15
Correct me if I am wrong, but does a non-executable stack mean that stack-based buffer overflows that insert executable code are worthless? Basically, what is the purpose of a non-executable stack?

-GSD
 
Old 07-23-2004, 11:30 PM   #5
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,253

Rep: Reputation: 369
Your average stack based buffer overflow tries to overwrite the address the code executes at, directing it to some other point (specified by the attacker), thus running his code. Often this other code is injected onto the stack itself. So this prevents that attack. If the attacker can make the code jump to somewhere not on the stack, then this protection doesn't help. This makes it harder, though not impossible, for an attacker to do arbitrary code execution. Of course, an attacker can still crash the application by messing around with the stack or by overwriting memory far enough to cause an access violation and the corresponding segmentation fault.

I may be a little off on some of the details (read a paper about this some months back), so someone correct me if I got any of it wrong.
 
Old 07-25-2004, 09:25 PM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You'll probably find this presentation helpful. It explains what the OpenBSD team did to harden their stack. Basically, the protection is called W^X because each page is either writeable, or executable, but never both. This means you can write arbitrary data and then execute it.
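
The W^X rule discussed in this thread (a page is writable or executable, never both) can be audited on Linux by reading the permission column of /proc/<pid>/maps. The following is an added example, not part of any post above; the names `scan_maps`, `parse_maps_line` and `struct report` are made up for illustration and the sample maps lines are constructed.

```c
#include <stdio.h>
#include <string.h>
struct report { int wx_violations; int exec_stack; };

/* Parse one /proc/<pid>/maps line: fills perms ("rwxp") and the optional
 * name ("[stack]", a path, or empty). Returns 1 on success, 0 otherwise. */
static int parse_maps_line(const char *line, char perms[5], char name[128])
{
    unsigned long long start, end;
    name[0] = '\0';
    int n = sscanf(line, "%llx-%llx %4s %*s %*s %*s %127[^\n]",
                   &start, &end, perms, name);
    return n >= 3 && strlen(perms) == 4;
}

/* Count mappings that are writable and executable at once (W^X broken). */
struct report scan_maps(const char *maps)
{
    struct report r = {0, 0};
    char line[256], perms[5], name[128];
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);
        line[n] = '\0';
        maps += len + (maps[len] == '\n');
        if (!parse_maps_line(line, perms, name)) continue; /* malformed line */
        if (perms[1] == 'w' && perms[2] == 'x') {
            r.wx_violations++;
            printf("W+X mapping: %s %s\n", perms, name[0] ? name : "(anonymous)");
        }
        if (strcmp(name, "[stack]") == 0 && perms[2] == 'x')
            r.exec_stack = 1;   /* the stack itself is executable */
    }
    return r;
}

/* Constructed sample input, not captured from a real process. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521      /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521      /usr/bin/demo\n"
    "7f3c10000000-7f3c10021000 rwxp 00000000 00:00 0\n"
    "7ffd4a1e0000-7ffd4a201000 rwxp 00000000 00:00 0   [stack]\n";

int main(void)
{
    struct report r = scan_maps(SAMPLE_MAPS);
    printf("%d W+X mapping(s), executable stack: %s\n", r.wx_violations, r.exec_stack ? "yes" : "no");
    return r.wx_violations != 0;   /* non-zero exit when W^X is violated */
}
```

On a real system, pass the contents of /proc/<pid>/maps to `scan_maps` instead of the sample string.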
 
  

