From: Julian Elischer
Date: Wed, 02 Nov 2005 11:06:40 -0800
To: Dag-Erling Smørgrav
Cc: Jimmy Scott, Robert Watson, freebsd-security@freebsd.org
Subject: Re: Non-executable stack

Dag-Erling Smørgrav wrote:

>db writes:
>
>>Memory on ia32 can be writable and readable. When it is readable it
>>is also executable. On other arch's like AMD64 and IA64, I believe
>>memory can be readable, writable and executable.
>
>Not quite. IA32 can make individual segments readable, writable and /
>or executable, but lacks the ability to do so on a per-page basis.
>Since we have trampoline code at the top of the stack, the entire
>stack segment must be executable. Moving the trampoline off the stack
>would solve the problem on all platforms.

There has been recent talk of a shared kernel/user memory page..
that could be used for trampoline code.

>W^X across the board is not an option - it would break HotSpot and
>other JIT-based software.
>
>DES