From owner-freebsd-arch Sun Jun 30 5:25:54 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id E015E37B400
    for ; Sun, 30 Jun 2002 05:25:51 -0700 (PDT)
Received: from gull.mail.pas.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 8C26F43E1D
    for ; Sun, 30 Jun 2002 05:25:51 -0700 (PDT)
    (envelope-from tlambert2@mindspring.com)
Received: from pool0052.cvx40-bradley.dialup.earthlink.net ([216.244.42.52] helo=mindspring.com)
    by gull.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
    id 17Odlx-0007Tu-00; Sun, 30 Jun 2002 05:25:46 -0700
Message-ID: <3D1EF89E.B5BC0CCE@mindspring.com>
Date: Sun, 30 Jun 2002 05:25:02 -0700
From: Terry Lambert
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Cedric Berger
Cc: arch@freebsd.org
Subject: Re: Time to make the stack non-executable?
References: <3D1E28ED.B67A5271@FreeBSD.org> <3D1E3126.C96FFAA5@mindspring.com> <3D1EF628.5090105@wireless-networks.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Cedric Berger wrote:
> It is the default (noexec_user_stack) for 64-bit Solaris.
> http://docs.sun.com/?q=noexec_user_stack&p=/doc/806-7009/6jftnqsis&a=view
> Since I doubt Sun would set a default which makes Java unusable,
> It seems to me that Java has a good probability to be OK with that.
> Or am I missing something?

SPARC != i386. SunSpot uses executable stack on i386, according to one
poster. However, this man page reference for Solaris gives a nice clue
on how to get around it: explicit use of mprotect() (clever lads!).

That actually gets rid of a lot of the objections I was able to come up
with, if doing that to the stack would work on FreeBSD as well (seems to
on 4.6).

That leaves the issue of binary compatibility; the sysctl approach (per
Solaris) is not a good idea, since you can't stop other processes
starting during an off-then-on-then-off window.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
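
The explicit mprotect() opt-in discussed in the message, as an added example that is not part of the original post: a process requests PROT_EXEC on one of its own stack pages and then drops it again, so the change is scoped to that process rather than to a system-wide sysctl window. The function names are hypothetical, and a kernel with a stricter policy may refuse the request, which the code reports instead of assuming success.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round an address down to the start of its page; mprotect() requires a
 * page-aligned start address. */
static void *page_floor(const void *addr, long pagesz)
{
    return (void *)((uintptr_t)addr & ~((uintptr_t)pagesz - 1));
}

/* Change the protection of the single stack page that holds `marker`.
 * Returns 0 on success, or the errno value if the kernel refuses. */
static int set_stack_page_prot(const void *marker, int prot)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return EINVAL;
    if (mprotect(page_floor(marker, pagesz), (size_t)pagesz, prot) != 0)
        return errno;
    return 0;
}

/* Per-process opt-in: request PROT_EXEC on the current stack page, then
 * drop it again. Returns the errno-style result of the opt-in request
 * (0 = granted); *restore_rc receives the result of returning to RW. */
int stack_exec_opt_in_probe(int *restore_rc)
{
    char marker = 0;            /* lives on this thread's stack */
    int rc = set_stack_page_prot(&marker,
                                 PROT_READ | PROT_WRITE | PROT_EXEC);
    *restore_rc = set_stack_page_prot(&marker, PROT_READ | PROT_WRITE);
    return rc;
}

int main(void)
{
    int restore_rc;
    int rc = stack_exec_opt_in_probe(&restore_rc);
    printf("PROT_EXEC on stack page: %s\n", rc ? strerror(rc) : "granted");
    printf("restore to RW: %s\n", restore_rc ? strerror(restore_rc) : "ok");
    return 0;
}
```

A denied request surfaces as an errno value such as EACCES, which is the signal a runtime would use to fall back to a separately mapped executable region.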