This isn't a time-critical problem, but I hope people will forgive me for
stretching the submission rules slightly, because there appears to be a
fair amount of interest in executable stacks.
There have been a lot of technical messages about executable stacks, but
it would be very interesting if Compaq could provide some background
information:
(1) It appears that at some point (3.2->4.0?) Compaq switched from a
non-executable stack to an executable one, thus losing some very valuable
security protection. Presumably there was a good reason for doing this:
what was it?
(2) Would it be technically possible to make it a loader option so that
only those applications that needed an executable stack got it?
(3) If (2) is not possible did Compaq consider making it a boot-time
option and documenting which applications needed an executable stack so
that sites could decide whether they needed to take the risk?
Disabling the executable stack for suid programs regains some safety, but
as previously mentioned it provides no protection for demons running as
root.
Regards,
Bob
==============================================================
Bob Vickers R.Vickers_at_dcs.rhbnc.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW:
http://www.cs.rhbnc.ac.uk/home/bobv
Phone: +44 1784 443691
Received on Thu Apr 22 1999 - 09:14:30 NZST