[SECURITY] Samba 2.2.8 available for download
David Collier-Brown -- Customer Engineering
David.Collier-Brown at Sun.COM
Fri Mar 21 14:53:29 GMT 2003
Green, Paul wrote:
However, on a chip that does distinguish areas of
> virtual memory that are code, and areas that are data, and further disallows
> execution of data (absent a specific operating system call to change the
> access mode of that region of virtual memory), it seems to me that it would
> be almost impossible for even a highly skilled attacker to inject binary
> specific code. I consider myself highly skilled on the Stratus VOS
> operating system and I can't for the life of my see how I could get the HP
> PA-RISC microprocessor to execute code that came down the wire as data.
>
I'm inclined to think you're right: if I set stack and data
spaces non-executable on my machine (a SPARC), it makes it
distincltly harder to build an stack-overflow exploit. The
writer can't insert a return address in the code he's added,
but instead has to run something that already exists in the
address space.
In addition, if the code space is protected, it's hard for
the attacker to put exploit code there.
Intel and Samba experts, can you expand on this?
--dave
--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario |
(905) 415-2849 or x52849 | davecb at canada.sun.com
More information about the samba-technical
mailing list