From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mike Haertel <mike@ducky.net>
Message-Id: <200207181450.g6IEoSsJ023181@ducky.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] useful language extension, or no?
In-Reply-To: <20020718122844.M14964@cackle.proxima.alt.za>
Date: Thu, 18 Jul 2002 07:50:28 -0700
Topicbox-Message-UUID: d01aca36-eaca-11e9-9e20-41e7f4b1d025

>I neglected to mention that locking the stack against execution is a
>way of locking the barn door, programmers _ought_ to know better, but
>the tools to _do_ better haven't been available until recently.

Nope.  All you have to do is overwrite return addresses and
data in the stack.  Many programs have code that can be twisted
to your own ends if you just call it with the right parameters.
Admittedly this requires doing a little more homework than
just putting executable code in the stack.  But making the
stack non-executable is not a way of "locking the barn door"
by any means.  It's more like just closing the barn door and
hoping nobody will notice the padlock is missing.