Date: Tue, 31 Jul 2001 16:32:45 -0400
From: "David P. Reed" <dpreed(_at_)reed(_dot_)com>
... I suspect that there are as many *possible* exploits that
don't need to execute code in the stack as there are not....
So, Microsoft engineers, if half of all possible exploits might be
eliminated by changing an MMU flag in the stack segment allocation
routine(s), why not give it a try on Windows just to say you did?
The only things certain to break are the CodeRed worm, along with
all similar stack buffer overflow exploits in any other products,
and the gdb debugger for Interix. If you are smart, you can
probably figure out how to let the user select an executable stack
for Interix, and whatever other poorly-designed processes which
also need an executable stack for whatever bizarre reason.
Cheers,
James
P.S. Interix is Microsoft's version of unix for Win2K, which comes
with a real file system, POSIX .1 and .2, shells, Perl, BSD sockets,
SVID IPC, Win32api (no WINE required), X11r5, inetd, etc.
http://www.microsoft.com/WINDOWS2000/interix/
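
Letting selected processes keep an executable stack, as the message suggests, implies being able to audit which ones actually have one. The following is an added example, not part of the original message: it assumes the Linux /proc/<pid>/maps text format (not Windows or Interix), goes beyond the stack by also counting every writable-and-executable mapping, and uses a hypothetical function name and constructed sample maps.

```c
#include <stdio.h>
#include <string.h>

struct wx_audit {
    int wx_regions;  /* mappings that are both writable and executable */
    int stack_exec;  /* 1 if the [stack] mapping carries the x bit */
};

/* Audit text in the /proc/<pid>/maps layout (assumed format), one mapping
 * per line: "start-end perms offset dev inode [path]".
 * Returns 0 on success, -1 on a line that does not parse. */
int audit_maps(const char *maps, struct wx_audit *out)
{
    out->wx_regions = 0;
    out->stack_exec = 0;
    while (*maps) {
        size_t len = strcspn(maps, "\n");
        char line[512], perms[5], path[256];

        if (len >= sizeof line) return -1;   /* refuse over-long lines */
        memcpy(line, maps, len);
        line[len] = '\0';
        maps += len + (maps[len] == '\n');
        if (len == 0) continue;              /* skip blank lines */

        path[0] = '\0';                      /* anonymous mappings have no path */
        if (sscanf(line, "%*[0-9a-f]-%*[0-9a-f] %4s %*s %*s %*s %255s",
                   perms, path) < 1 || strlen(perms) != 4)
            return -1;
        int exec = (perms[2] == 'x');
        if (exec && perms[1] == 'w') out->wx_regions++;
        if (exec && strcmp(path, "[stack]") == 0) out->stack_exec = 1;
    }
    return 0;
}

/* Constructed samples, not captured from real processes. */
static const char SAMPLE_HARDENED[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "7ffc1000-7ffe2000 rw-p 00000000 00:00 0 [stack]\n";
static const char SAMPLE_EXECSTACK[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7ffc1000-7ffe2000 rwxp 00000000 00:00 0 [stack]\n";

int main(void)
{
    struct wx_audit a;
    if (audit_maps(SAMPLE_EXECSTACK, &a) == 0)
        printf("W+X regions: %d, executable stack: %d\n", a.wx_regions, a.stack_exec);
    return 0;
}
```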