![](https://seccdn.libravatar.org/avatar/27baa448681c4a5c26d14d8f44fbe635.jpg?s=120&d=mm&r=g)
On Mon, 20 Jan 2003 03:24:45 +0100 (CET)
"Carlos E. R."
The 03.01.19 at 07:52, zentara wrote:
Off the top of my head, I think the grsecurity kernel patch has an option to allow you to make the stack non-executable. BUT it breaks alot of programs, notably X. The grsecurity system does allow you to specifically exempt certain programs though.
Now that makes me wonder... why would the stack need to be executable? It should only be needed for local data and return address for subroutines, and things lke that, no? Or does somebody uses hacks like selfmodifying code?
Here is the "help" from the grsecurity patch menuconfig section. CONFIG_GRKERNSEC_PAX_NOEXEC: By design the IA-32 architecture does not allow for protecting memory pages against execution, i.e. if a page is readable (such as the stack or heap) it is also executable. There is a well known exploit technique that makes use of this fact and a common programming mistake where an attacker can introduce executable code of his choice somewhere in the attacked program's memory (typically the stack or the heap) and then execute it. If the attacked program was running with different (typically higher) privileges than that of the attacker, then he can elevate his own privilege level (e.g. get a root shell, write to files for which he does not have write access to, etc). There are two implementations provided here, each with its own impact on performance and usability. You should enable at least one of them to enforce the non-executable flag on memory pages thereby making it harder to execute 'foreign' code in a program. This will also break programs that rely on the old behaviour and expect that dynamically allocated memory via the malloc() family of functions is executable (which it is not). Notable examples are the XFree86 4.x server, the java runtime and wine. NOTE: you can use the 'chpax' utility to enable/disable this feature on a per file basis. chpax is available at http://pageexec.virtualave.net -- use Perl; #powerful programmable prestidigitation