Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262285AbVBBSEK (ORCPT ); Wed, 2 Feb 2005 13:04:10 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262363AbVBBSEK (ORCPT ); Wed, 2 Feb 2005 13:04:10 -0500 Received: from dspnet.fr.eu.org ([62.73.5.179]:51205 "EHLO dspnet.fr.eu.org") by vger.kernel.org with ESMTP id S262297AbVBBSCO (ORCPT ); Wed, 2 Feb 2005 13:02:14 -0500 Date: Wed, 2 Feb 2005 19:02:01 +0100 From: Olivier Galibert To: linux-kernel@vger.kernel.org Subject: Re: Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer) Message-ID: <20050202180201.GD32560@dspnet.fr.eu.org> Mail-Followup-To: Olivier Galibert , linux-kernel@vger.kernel.org References: <200501311015.20964.arjan@infradead.org> <420151B3.27974.D9F79C@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <420151B3.27974.D9F79C@localhost> User-Agent: Mutt/1.4.2.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 667 Lines: 15 On Wed, Feb 02, 2005 at 10:18:27PM +1000, pageexec@freemail.hu wrote: > your concerns would be valid if this was impossible to achieve by an > exploit, sadly, you'd be wrong too, it's possible to force an exploited > application to call something like dl_make_stack_executable() and then > execute the shellcode. If you can call mprotect() with a protected environment to unprotect it, you can as easily call exec. OG. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/