Date:      Wed, 15 Dec 2004 08:57:05 -0800
From:      Peter Wemm <peter@wemm.org>
To:        freebsd-amd64@freebsd.org
Cc:        amd64@freebsd.org
Subject:   Re: non-executable stack
Message-ID:  <200412150857.05622.peter@wemm.org>
In-Reply-To: <1103050826.21655.13.camel@server.mcneil.com>
References:  <1103050826.21655.13.camel@server.mcneil.com>

On Tuesday 14 December 2004 11:00 am, Sean McNeil wrote:
> Just wondering if FreeBSD is taking advantage of the non-execute
> capability in the amd64 processor to protect the stack and allocation
> area.  If so, how would something like the Java VM work?  Would it
> have to have some sort of chflag bit set or suid'd?
>
> Cheers,
> Sean

We sort-of support the PG_NX bit, but there are things broken in the 
pmap.c code which means it will get lost over time.

We cheat and create the primary stack with execute turned on, because 
the executable signal trampoline is still in there.  The signal 
trampoline should be in libc anyway.

gcc needs to have its configuration changed so that it uses mprotect() 
to turn PROT_EXEC on when it needs to execute stuff on the stack.  It 
does this for many architectures, but not for FreeBSD/i386 and /amd64.

Things like the Java VM would need to use mprotect() like they do on
Solaris, Linux, etc.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
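
The mprotect() pattern the message refers to for a JIT such as a Java VM, as an added example that is not part of the original e-mail or of FreeBSD's code: generated code is written into a non-executable mapping, and PROT_EXEC is requested explicitly before it runs. The helper name `run_generated_code` and the stub bytes are constructed for illustration; the block assumes x86 or aarch64 and a GCC or Clang compiler.

```c
#define _DEFAULT_SOURCE           /* for MAP_ANON on glibc */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for JIT output: a function that returns 42. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };             /* mov eax, 42; ret */
#elif defined(__aarch64__)
static const unsigned char stub[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0, #42; ret */
#else
#error "no sample stub for this architecture"
#endif

/* Hypothetical helper: returns the stub's result, or -1 if a step fails. */
int run_generated_code(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return -1;
    size_t len = (size_t)pagesz;

    /* Map the buffer writable but NOT executable, and emit code into it. */
    unsigned char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANON, -1, 0);
    if (buf == MAP_FAILED)
        return -1;
    memcpy(buf, stub, sizeof stub);
    /* GCC/Clang builtin: sync instruction cache (no-op on x86). */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof stub);

    /* Request PROT_EXEC explicitly and drop PROT_WRITE in the same call,
       so the page is never writable and executable at once. */
    if (mprotect(buf, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, len);
        return -1;
    }

    int (*fn)(void) = (int (*)(void))(uintptr_t)buf;
    int result = fn();
    munmap(buf, len);
    return result;
}

int main(void)
{
    printf("generated code returned %d\n", run_generated_code());
    return 0;
}
```

On a system that enforces no-execute, calling into the buffer without the mprotect() step faults instead of running the stub.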


