Date: Sat, 29 Jun 2002 19:24:39 -0400
From: Jake Burkholder
To: Alfred Perlstein
Cc: arch@FreeBSD.ORG
Subject: Re: Time to make the stack non-executable?
Message-ID: <20020629192438.J71376@locore.ca>
References: <3D1E28ED.B67A5271@FreeBSD.org> <3D1E3126.C96FFAA5@mindspring.com> <20020629185554.I71376@locore.ca> <20020629230918.GN97638@elvis.mu.org>
In-Reply-To: <20020629230918.GN97638@elvis.mu.org>; from bright@mu.org on Sat, Jun 29, 2002 at 04:09:18PM -0700

Apparently, On Sat, Jun 29, 2002 at 04:09:18PM -0700, Alfred Perlstein said words to the effect of;
> * Jake Burkholder [020629 15:51] wrote:
> >
> > > For signals, this is easy: copy SVR4, and modify the signal
> > > functions to pass in a return address, then disable the execute
> > > bits on stack pages and see whose head blows up.
> > >
> > > Frankly, I'm very surprised to discover that OpenBSD has not
> > > already done this.
> > >
> > > Opinions?  Patches from people who know and love the signals
> > > facility on Alpha, SPARC64, PPC, etc.?
> >
> > The sparc64 signal trampoline is already in libc, I'm running a kernel
> > which maps the stack non-executable locally.
>
> I recently (last week or two) forwarded a cvs commitlog from NetBSD
> which seems to have solved this.
>
> http://docs.freebsd.org/cgi/getmsg.cgi?fetch=462972+0+archive/2002/freebsd-arch/20020623.freebsd-arch
>
> Have you guys had a look?  Sorry if this is a red herring, I haven't
> investigated it deeply.

Yes, I looked at it.  It's mostly about standardizing the naming of the
userland trampoline to include the type of the arguments it expects,
sigcontext or ucontext, and a version number.  It doesn't say much about
how the address of the trampoline would be passed to the kernel, which is
more important.  I just used a sysarch call in crt0, which could be
optimized to be done just before the first call to sigaction.

FWIW, the netbsd scheduler activations upcall trampoline is copied out to
the stack with the signal code (kse doesn't use the same kind of upcall
trampoline), which I expect is their motivation for the changes.

Jake
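The thread's point is that once the signal trampoline lives in libc rather than being copied onto the stack, the stack pages can lose their execute bit. The following is an added example, not code from the thread or from FreeBSD: a read-only check that reports whether a process's stack mapping still carries that bit, parsing Linux-style /proc/self/maps text (on FreeBSD the same information comes from procstat -v, whose format this parser does not handle). The mapping lines used for the check are constructed.

```c
/* Added example, not from the mailing-list thread: report whether the
 * "[stack]" mapping of a process is executable.  Input is Linux-style
 * /proc/self/maps text; the sample lines below are constructed. */
#include <stdio.h>
#include <string.h>

/* Constructed sample mappings: one with a non-executable stack (rw-p),
 * one with an executable stack (rwxp). */
static const char sample_nx[] =
    "7ffd1a2b3000-7ffd1a2d4000 rw-p 00000000 00:00 0          [stack]\n";
static const char sample_exec[] =
    "7ffd1a2b3000-7ffd1a2d4000 rwxp 00000000 00:00 0          [stack]\n";

/* Returns 1 if the [stack] mapping has the execute bit, 0 if it does
 * not, and -1 if no [stack] mapping appears in the text. */
int stack_is_executable(const char *maps)
{
    char buf[512];
    const char *line = maps;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (strstr(buf, "[stack]") != NULL) {
            char perms[8] = "";
            /* line layout: start-end perms offset dev inode path */
            if (sscanf(buf, "%*s %7s", perms) == 1)
                return perms[2] == 'x' ? 1 : 0;   /* perms is e.g. "rw-p" */
        }
        if (!eol) break;
        line = eol + 1;
    }
    return -1;
}

int main(void)
{
    static char text[65536];
    size_t n = 0;
    FILE *f = fopen("/proc/self/maps", "r");   /* present on Linux only */
    if (f) { n = fread(text, 1, sizeof text - 1, f); fclose(f); }
    text[n] = '\0';
    /* Check the live process where /proc exists, else the constructed sample. */
    int r = f ? stack_is_executable(text) : stack_is_executable(sample_nx);
    printf("stack executable: %d (1 = yes, 0 = no, -1 = no [stack] mapping)\n", r);
    return 0;
}
```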