From: Dag-Erling Smørgrav <des@des.no>
To: martinko
Cc: freebsd-security@freebsd.org
Subject: Re: Non-executable stack
Date: Fri, 04 Nov 2005 11:38:37 +0100
Message-ID: <86sluchf4i.fsf@xps.des.no>
In-Reply-To: (martinkov@pobox.sk's message of "Fri, 04 Nov 2005 00:39:54 +0100")
References: <200510270608.51571.db@traceroute.dk> <200510291242.16461.db@traceroute.dk> <20051029131519.GA22254@ada.devbox.be> <200510291412.57656.db@traceroute.dk> <86pspjz0xu.fsf@xps.des.no> <43690E40.5040705@elischer.org>
List-Id: "Security issues [members-only posting]" (freebsd-security@freebsd.org)
martinko writes:
> and what exactly is that trampoline btw/pls ?

When a process receives a signal, the kernel needs to call the appropriate
signal handler (in user space), then do some cleanup when the signal handler
returns, and pass control back to whatever code was interrupted by the
signal. The cleanup is handled by the sigreturn() syscall.

To avoid having to manually add a call to sigreturn() at the end of each
signal handler, we use a small piece of trampoline code (sigcode in locore.S)
which calls the signal handler, then issues a sigreturn() syscall.

This trampoline needs to be in a fixed location so the kernel knows where to
find it, and it needs to be present at all times, so we can't just put it in
the crt and then have the crt report its location to the kernel somehow.
Currently, it is copied into place at the top of the stack by execve().

DES
-- 
Dag-Erling Smørgrav - des@des.no
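The mechanism DES describes can be observed from user space. The following is an added example written for this archive; it is not FreeBSD code and not part of the original message. It installs a SIGUSR1 handler with sigaction(), raises the signal, and records two things inside the handler: the return address the kernel arranged for the handler (which is the trampoline, not any function of the program) and the fact that SIGUSR1 is masked while the handler runs. After the handler returns through the trampoline, sigreturn() has restored the original signal mask, which the code checks. The handler and function names are this example's own; the behaviour relies only on POSIX sigaction() semantics plus the GCC/clang `__builtin_return_address` builtin, so it builds on both FreeBSD (where the trampoline is sigcode) and Linux (where it is libc's restorer).

```c
/* Added example: observing the signal trampoline and the cleanup done by
 * sigreturn() from user space. Not FreeBSD source. Builds with gcc/clang. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t handler_ran;   /* signal number seen by the handler */
static volatile int blocked_inside = -1;    /* was SIGUSR1 masked in the handler? */
static void *volatile tramp_addr;           /* return address seen by the handler */

/* Constructed handler. The kernel does not "call" this like an ordinary
 * function: it builds a frame so that returning from here lands in the
 * trampoline (sigcode on FreeBSD, the libc restorer on Linux), and the
 * trampoline issues sigreturn() to undo the frame and restore the mask. */
static void handler(int sig, siginfo_t *si, void *uctx)
{
    sigset_t cur;
    (void)si;
    (void)uctx;
    handler_ran = sig;
    /* Without SA_NODEFER the kernel masks the delivered signal for the
     * duration of the handler; sigprocmask() is async-signal-safe. */
    sigprocmask(SIG_BLOCK, NULL, &cur);
    blocked_inside = sigismember(&cur, SIGUSR1);
    /* Where does "ret" take us? Into the trampoline, not our own code. */
    tramp_addr = __builtin_return_address(0);
}

/* Install the handler, raise SIGUSR1 synchronously, then restore the old
 * disposition. Returns 0 on success, a negative code on failure. */
int run_signal_roundtrip(void)
{
    struct sigaction sa, old;
    sigset_t after;

    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, &old) != 0)
        return -1;

    handler_ran = 0;
    blocked_inside = -1;
    tramp_addr = NULL;
    if (raise(SIGUSR1) != 0)            /* handler runs before raise() returns */
        return -2;
    sigaction(SIGUSR1, &old, NULL);

    if (handler_ran != SIGUSR1)
        return -3;
    /* After the trampoline's sigreturn() the mask is back to what it was:
     * SIGUSR1 must no longer be blocked. */
    sigprocmask(SIG_BLOCK, NULL, &after);
    if (sigismember(&after, SIGUSR1))
        return -4;
    return 0;
}

int signal_was_masked_in_handler(void) { return blocked_inside; }
const void *trampoline_address(void) { return tramp_addr; }

/* The return address seen by the handler is not a function of this program. */
int trampoline_is_foreign(void)
{
    return tramp_addr != NULL
        && tramp_addr != (void *)handler
        && tramp_addr != (void *)run_signal_roundtrip;
}

int main(void)
{
    int rc = run_signal_roundtrip();
    printf("roundtrip rc=%d, SIGUSR1 masked in handler=%d, trampoline at %p\n",
           rc, signal_was_masked_in_handler(), trampoline_address());
    return rc == 0 ? 0 : 1;
}
```

On a 2005-era FreeBSD i386 the printed trampoline address would fall just below the top of the process stack, which is exactly why that page had to stay executable until the sigcode was moved elsewhere; on a modern Linux it points into libc. Either way the program itself never has to call sigreturn(): the address the handler returns to does it.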