From owner-freebsd-hackers Fri Dec 13 1:47:17 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CCA8537B401
	for ; Fri, 13 Dec 2002 01:47:16 -0800 (PST)
Received: from HAL9000.homeunix.com (12-232-220-15.client.attbi.com [12.232.220.15])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2061D43ED1
	for ; Fri, 13 Dec 2002 01:47:16 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1])
	by HAL9000.homeunix.com (8.12.6/8.12.5) with ESMTP id gBD9lFnZ003994;
	Fri, 13 Dec 2002 01:47:15 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Received: (from das@localhost)
	by HAL9000.homeunix.com (8.12.6/8.12.5/Submit) id gBD9lEtr003993;
	Fri, 13 Dec 2002 01:47:14 -0800 (PST)
	(envelope-from dschultz@uclink.Berkeley.EDU)
Date: Fri, 13 Dec 2002 01:47:14 -0800
From: David Schultz
To: dslb@tiscali.dk
Cc: hackers@FreeBSD.ORG
Subject: Re: The stack and heap
Message-ID: <20021213094714.GA3951@HAL9000.homeunix.com>
Mail-Followup-To: dslb@tiscali.dk, hackers@FreeBSD.ORG
References: <3D9FE83900007F16@cpfe4.be.tisc.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3D9FE83900007F16@cpfe4.be.tisc.dk>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Thus spake dslb@tiscali.dk:
> I just have a few questions about execution of code on the stack or heap.
> It is possible in FreeBSD right? But why do the stack and heap need to
> be executable?
>
> I have read about mprotect(), but can you change the stack and heap permissions
> with that? If yes how? (the man page tells you almost nothing).
>
> Btw does the ia32 have both read and execution permissions for the memory
> or is read and execution the same? If it is the same, has this changed
> in ia64?

FreeBSD could, in theory, use non-executable stacks on architectures
that support separate read and execute bits. (i386 isn't one of
them.) Some operating systems employ this technique to make buffer
overruns hard to exploit. It isn't quite as easy to implement as you
might think, though. You need to rethink signal trampolines, and
some programs (e.g. JIT compilers, LISP runtimes) expect their stacks
to be executable. I don't know exactly how much work it would be to
fix up FreeBSD to use non-executable stacks, or whether it would be
worth it.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message