Date: Sat, 14 Jun 2008 23:08:34 +0300
From: Kostik Belousov <kostikbel@gmail.com>
To: Ed Schouten <ed@80386.nl>
Cc: amd64@freebsd.org
Subject: Re: VM_PROT_EXEC on the stack
Message-ID: <20080614200833.GZ94309@deviant.kiev.zoral.com.ua>
In-Reply-To: <20080614174412.GU1176@hoeg.nl>
References: <20080614174412.GU1176@hoeg.nl>
On Sat, Jun 14, 2008 at 07:44:12PM +0200, Ed Schouten wrote:
> Hello everyone,
>
> I'm not a real guru when it comes to low level x86 hardware stuff, but
> some time ago I read somewhere that the NX bit on AMD64 CPUs could be
> used to mark the stack as non-executable, making it impossible to
> execute code on the stack (through buffer overflows).
>
> When I look at procstat -v's output on FreeBSD/amd64, I see the stack
> has VM_PROT_EXEC. Is there a specific reason for this?

There are at least two issues with marking the stack non-executable.

First, the kernel copies the signal trampoline code fragments to the top of the stack. This may be worked around by splitting one page from the stack and marking it executable. Or, the code may be moved to libc.

The second issue is that, in principle, the stack may be used by compiler-generated trampolines.

The new GNU toolchain creates the GNU_STACK phdr that informs ld.so that a non-executable stack is permitted (in fact, I think that it is the p_flags of the phdr that defines the required protection for the stack segment mappings). GNU_STACK is created when all linked relocatable objects contain .note.GNU-stack.
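As an added example (not part of the thread), the following reads the PT_GNU_STACK program header the reply refers to and reports whether its p_flags request an executable stack. The ELF64 image it inspects is constructed inline; the type and flag constants are the standard ELF values, and a missing PT_GNU_STACK header is treated as "executable stack" (the loader default the thread describes), which is an assumption of this example.

```python
import struct

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551   # p_type of the GNU_STACK program header
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

def elf_stack_flags(data: bytes):
    """Return p_flags of the PT_GNU_STACK phdr in an ELF64 image, or None
    if no such header exists."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 2:
        raise ValueError("only ELF64 is handled here")
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from(end + "II", data, off)
        if p_type == PT_GNU_STACK:
            return p_flags
    return None

def stack_executable(data: bytes) -> bool:
    """True when the image asks for an executable stack, or (assumption)
    when it carries no PT_GNU_STACK header and the loader default applies."""
    flags = elf_stack_flags(data)
    return flags is None or bool(flags & PF_X)

def make_elf64(stack_flags=None) -> bytes:
    """Constructed minimal ELF64 image: one PT_LOAD phdr plus, optionally,
    a PT_GNU_STACK phdr carrying the given p_flags. Not loadable, just
    enough header structure for the parser above."""
    phdrs = [struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_X,
                         0, 0x400000, 0x400000, 0, 0, 0x1000)]
    if stack_flags is not None:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags,
                                 0, 0, 0, 0, 0, 16))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0x400000,   # ET_EXEC, x86-64
                               64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b"".join(phdrs)

if __name__ == "__main__":
    for name, f in (("rw-", PF_R | PF_W), ("rwx", PF_R | PF_W | PF_X), ("none", None)):
        print(name, "executable stack:", stack_executable(make_elf64(f)))
```

Run against a real binary with `stack_executable(open(path, "rb").read())`; it only answers the GNU_STACK question and says nothing about the signal trampoline page the reply also mentions.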