Date: Tue, 31 Jul 2001 14:57:44 -0400
From: "David P. Reed" <dpreed(_at_)reed(_dot_)com>
Small issue: Return addresses of calling routines are on the stack, and
they don't require execute access to exploit. Thus, every fixed length
buffer is indeed a potential exploit, whether or not you give "execute"
permission to the stack.
I sense a wish to "blame Microsoft" or "blame Intel" on this one. Blame
the designers of "C" string handling routines, instead.
On the contrary, branching to an arbitrary address is very rarely even
a significant capability in comparison to an executable exploit. It
might work in conjunction with a separate exploit, but not by itself.
Is there any question that the decisions of operating systems
architects, as to whether they allow code execution from the stack, are
having a significant impact on the history of the internet?
There ought to be a Plumbing and Building Code for Internet-connected
hosts. If your hardware forces you to have an executable stack, then you
need better hardware.
Cheers,
James