Hello. So I've been exploring the Linux kernel lately and I have noticed something interesting. As you all know, the 80386 uses a segmented architecture. There are several segment types, including data and code segments.
A data segment can be read and written. A code segment can be read or executed. Stacks are stored in data segments. Linux creates several segments, but four are of particular importance: one kernel code segment, one kernel data segment, one user code segment, and one user data segment. Since stacks are stored in data segments, how can a stack smash work if a data segment can't be executed? You can't execute code in a data segment and you can't change the code in a code segment. So how can a stack smash get set up? I know it is possible because I've read and tried the techniques in the "Smashing the Stack for Fun and Profit" article. Also, stack smash attacks are pretty common on the x86, so it obviously is possible.
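An added example, not part of the poster's message: a small C decoder for 8-byte x86 GDT segment descriptors, fed four descriptors constructed in the flat-model layout (base 0, limit 0xfffff with 4 KiB granularity, so 4 GiB) that the 32-bit kernel uses for the kernel and user code and data segments. Decoding them shows that the code and data segments cover exactly the same linear address range, so the type field (code vs. data) only governs which selector can be used for which kind of access; it does not make the stack's memory non-executable, because the same bytes are reachable through CS. That is why the page-level NX/XD bit, not segment typing, is what actually stops execution of stack data on x86. The descriptor constants below are constructed for illustration; consult arch/x86 in your kernel tree for the real table.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Decoded view of one 8-byte x86 segment descriptor (GDT/LDT entry). */
typedef struct {
    uint32_t base;          /* linear address where the segment starts */
    uint32_t limit;         /* last valid offset, in bytes */
    bool     present;       /* P bit */
    unsigned dpl;           /* descriptor privilege level, 0..3 */
    bool     is_code;       /* type bit 3: 1 = code segment, 0 = data segment */
    bool     writable;      /* data segments only: W bit */
    bool     readable;      /* code segments only: R bit */
    bool     granularity_4k;/* G bit: limit is in 4 KiB pages */
} seg_desc_t;

/* Split the raw descriptor into its scattered base/limit/access/flag fields. */
seg_desc_t decode_descriptor(uint64_t raw) {
    seg_desc_t d;
    uint32_t lo = (uint32_t)(raw & 0xffffffffu);
    uint32_t hi = (uint32_t)(raw >> 32);

    uint32_t limit  = (lo & 0xffffu) | (hi & 0x000f0000u);          /* limit[15:0] | limit[19:16] */
    uint32_t base   = (lo >> 16) | ((hi & 0xffu) << 16) | (hi & 0xff000000u);
    unsigned access = (hi >> 8) & 0xffu;                            /* P, DPL, S, type */
    unsigned flags  = (hi >> 20) & 0x0fu;                           /* G, D/B, L, AVL */

    d.present        = (access >> 7) & 1u;
    d.dpl            = (access >> 5) & 3u;
    d.is_code        = (access >> 3) & 1u;
    d.writable       = !d.is_code && ((access >> 1) & 1u);
    d.readable       =  d.is_code && ((access >> 1) & 1u);
    d.granularity_4k = (flags >> 3) & 1u;
    if (d.granularity_4k)
        limit = (limit << 12) | 0xfffu;   /* page-granular limit -> byte limit */
    d.base  = base;
    d.limit = limit;
    return d;
}

/* True if linear address `addr` lies inside the segment. */
bool covers(const seg_desc_t *d, uint32_t addr) {
    return d->present && addr >= d->base && (addr - d->base) <= d->limit;
}

/* True if both descriptors map the identical linear range, i.e. every byte
 * stored through one is also addressable through the other. */
bool same_range(const seg_desc_t *a, const seg_desc_t *b) {
    return a->present && b->present && a->base == b->base && a->limit == b->limit;
}

/* Constructed flat-model descriptors (base 0, limit 0xfffff, G=1, D=1):
 * access bytes 0x9a/0x92 = ring-0 code/data, 0xfa/0xf2 = ring-3 code/data. */
#define KCODE_DESC 0x00cf9a000000ffffULL
#define KDATA_DESC 0x00cf92000000ffffULL
#define UCODE_DESC 0x00cffa000000ffffULL
#define UDATA_DESC 0x00cff2000000ffffULL

/* Decodes the user code and user data descriptors and reports whether a
 * stack address reachable through the data segment is also inside the
 * code segment's range (it is, under the flat model). */
bool stack_byte_reachable_via_cs(uint32_t stack_addr) {
    seg_desc_t ucs = decode_descriptor(UCODE_DESC);
    seg_desc_t uds = decode_descriptor(UDATA_DESC);
    return covers(&uds, stack_addr) && covers(&ucs, stack_addr) && same_range(&ucs, &uds);
}

int main(void) {
    const uint64_t table[] = { KCODE_DESC, KDATA_DESC, UCODE_DESC, UDATA_DESC };
    const char *names[]    = { "kernel code", "kernel data", "user code", "user data" };
    for (int i = 0; i < 4; i++) {
        seg_desc_t d = decode_descriptor(table[i]);
        printf("%-11s base=0x%08x limit=0x%08x dpl=%u %s\n", names[i],
               d.base, d.limit, d.dpl, d.is_code ? "code" : "data");
    }
    /* constructed sample user-stack address */
    printf("stack byte also inside CS range: %s\n",
           stack_byte_reachable_via_cs(0xbffff000u) ? "yes" : "no");
    return 0;
}
```

The decoder handles any 32-bit descriptor, not only the flat ones; a descriptor with a non-zero base or a byte-granular limit decodes the same way, so you can compare your own GDT dump against these flat entries to see whether any segment actually restricts the stack's range.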
