> Date: Tue, 31 Jul 2001 14:57:44 -0400 > From: "David P. Reed" <[EMAIL PROTECTED]> > > Small issue: Return addresses of calling routines are on the stack, and > they don't require execute access to exploit. Thus, every fixed length > buffer is indeed a potential exploit, whether or not you give "execute" > permission to the stack. > > I sense a wish to "blame Microsoft" or "blame Intel" on this one. Blame > the designers of "C" string handling routines, instead On the contrary, branching to an arbitrary address is very rarely even a significant capability in comparison to an executable exploit. It might work in conjunction with a seperate exploit, but not by its self. Is there any question that the decsions of operating systems architects, as to whether they allow code execution from the stack, are having a significant impact on the history of the internet? There ought to be a Plumbing and Building Code for Internet-connected hosts. If your hardware forces you to have an executable stack, then you need better hardware. Cheers, James
