On Thu, 14 Aug 2003, Stephen Clowater wrote:
Also, you can use chpax, and turn on a non-executable stack, and with a smallIt's been proved many times that non-executable stack adds NO security at
all.
Every single class of vulnerabilities exploitable with executable stack
can be also exploited with non-executable stack.
What he forgot to mention is that PAX and grsec also gives you non-executable heap and randomized address bases to prevent return-to-libc attacks. AFAIK all those combined do bring real security against generic exploits.
