Date: Tue, 12 Aug 2003 21:15:23 +1000
From: Peter Jeremy <PeterJeremy@optushome.com.au>
To: "Devon H. O'Dell" <dodell@sitetronics.com>
Cc: security@freebsd.org
Subject: Re: realpath(3) et al
Message-ID: <20030812111522.GA66788@cirb503493.alcatel.com.au>
In-Reply-To: <003501c360b0$6dad9970$9f8d2ed5@internal>
References: <20030812085617.GA407@FreeBSD.org> <003501c360b0$6dad9970$9f8d2ed5@internal>

On Tue, Aug 12, 2003 at 11:02:16AM +0200, Devon H. O'Dell wrote:
>Features such as a protected stack should, IMO, be implemented as soon as
>possible to keep FreeBSD heads-afloat right now in the security sense....
>OpenBSD has implemented this already and there are many patches for Linux to
>do the same... why don't we go ahead and shove some of this code into CVS?

By "protected" I presume you mean "non-executable". Whilst making the
stack non-executable is trivial, making the system still work isn't.
I believe the FreeBSD signal handling still relies on a signal
trampoline on the stack. Some ports also expect an executable stack
(most commonly lisp implementations).

Some years ago, I tried implementing a non-executable stack on a
Solaris box. Interleaf promptly stopped working so I had to undo
the change.

Peter