Date:      Sat, 14 Jun 2008 12:35:39 -0700
From:      "Peter Wemm" <peter@wemm.org>
To:        "Ed Schouten" <ed@80386.nl>
Cc:        amd64@freebsd.org
Subject:   Re: VM_PROT_EXEC on the stack
Message-ID:  <e7db6d980806141235v87b0cedhba3f55aca79ba96f@mail.gmail.com>
In-Reply-To: <20080614174412.GU1176@hoeg.nl>
References:  <20080614174412.GU1176@hoeg.nl>

gcc copies code to the stack and runs it in certain circumstances
(nested functions).  We'd need code added to libgcc to do the
appropriate mprotect() calls.  I think code exists for NetBSD to do
this if somebody wants to pick this up.  Search for mprotect in gcc
source.

Also, the very top page has the signal trampoline executable code.  If
you wanted to turn off EXEC, you'd either have to leave the very top
page executable or move the trampoline elsewhere (e.g. libc, like on
sparc64).  BTW: I'd like the latter.

On Sat, Jun 14, 2008 at 10:44 AM, Ed Schouten <ed@80386.nl> wrote:
> Hello everyone,
>
> I'm not a real guru when it comes to low level x86 hardware stuff, but
> some time ago I read somewhere that the NX bit on AMD64 CPUs could be
> used to mark the stack as non-executable, making it impossible to
> execute code on the stack (through buffer overflows).
>
> When I look at procstat -v's output on FreeBSD/amd64, I see the stack
> has VM_PROT_EXEC. Is there a specific reason for this?
>
> Yours,
> --
>  Ed Schouten <ed@80386.nl>
>  WWW: http://80386.nl/
>



-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
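The mprotect() dance Peter refers to, as an added example that is not part of this thread and not libgcc's own code: before a trampoline copied onto the stack can be called on a stack mapping without VM_PROT_EXEC, something has to add PROT_EXEC to the page(s) holding it. The example assumes POSIX mprotect(2)/sysconf(3) and an x86-64 host for the hand-assembled six-byte stub (mov eax,42; ret); on other targets the helper reports that it has no stub rather than guessing.

```c
/* Added example (not from the mailing-list thread, not libgcc's code):
 * what a libgcc-style "enable execute stack" helper must do before a
 * trampoline that was copied onto the stack can be called when the stack
 * mapping lacks PROT_EXEC / VM_PROT_EXEC.
 * Assumptions: POSIX mprotect(2) and sysconf(3); an x86-64 target for the
 * stub bytes below (other targets get a stub-less fallback return value).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* mov eax, 42 ; ret -- the smallest stand-in for a gcc nested-function
 * trampoline that proves the bytes on the stack page actually executed. */
static const unsigned char stub_x86_64[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };

int have_x86_64_stub(void)
{
#if defined(__x86_64__)
    return 1;
#else
    return 0;
#endif
}

/* Apply 'prot' to every page that [addr, addr + len) touches; mprotect(2)
 * needs a page-aligned start, so round outward to page boundaries.
 * Returns 0 on success, -1 on failure (errno set by mprotect). */
static int protect_range(void *addr, size_t len, int prot)
{
    uintptr_t page  = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    uintptr_t end   = ((uintptr_t)addr + len + page - 1) & ~(page - 1);
    return mprotect((void *)start, end - start, prot);
}

/* Copy the stub into a stack buffer, make that page executable, call it,
 * then take PROT_EXEC away again.  Returns the stub's value (42), -1 when
 * this build has no stub for the host, -2 when mprotect(2) refused. */
int run_stub_on_stack(void)
{
    if (!have_x86_64_stub())
        return -1;

    unsigned char buf[64];
    memcpy(buf, stub_x86_64, sizeof stub_x86_64);

    /* Without this call a non-executable stack faults on the indirect
     * call below; this is the step libgcc would have to perform. */
    if (protect_range(buf, sizeof buf, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return -2;

    int (*fn)(void);
    void *p = buf;
    memcpy(&fn, &p, sizeof fn);   /* object -> function pointer, cast-free */
    int rc = fn();

    /* libgcc leaves the page executable for later trampolines; a demo
     * should restore the tighter protection once it is done. */
    protect_range(buf, sizeof buf, PROT_READ | PROT_WRITE);
    return rc;
}

int main(void)
{
    printf("stub on stack returned %d\n", run_stub_on_stack());
    return 0;
}
```

Note the window this opens: while the page is RWX, any overflow into that same page is directly executable, which is why moving trampolines (and the signal trampoline) off the stack is the cleaner fix than re-enabling EXEC page by page.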



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e7db6d980806141235v87b0cedhba3f55aca79ba96f>