Date: Wed, 02 Nov 2005 13:30:53 +0100 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) To: db <db@traceroute.dk> Cc: freebsd-security@freebsd.org, Jimmy Scott <jimmy@inet-solutions.be> Subject: Re: Non-executable stack Message-ID: <86pspjz0xu.fsf@xps.des.no> In-Reply-To: <200510291412.57656.db@traceroute.dk> (db@traceroute.dk's message of "Sat, 29 Oct 2005 14:12:57 %2B0000") References: <200510270608.51571.db@traceroute.dk> <200510291242.16461.db@traceroute.dk> <20051029131519.GA22254@ada.devbox.be> <200510291412.57656.db@traceroute.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
db <db@traceroute.dk> writes: > Memory on ia32 can be writable and readable. When it is readable it > is also executable. On other arch's like AMD64 and IA64, I believe > memory can be readable, writable and executable. Not quite. IA32 can make individual segments readable, writable and / or executable, but lacks the ability to do so on a per-page basis. Since we have trampoline code at the top of the stack, the entire stack segment must be executable. Moving the trampoline off the stack would solve the problem on all platforms. W^X across the board is not an option - it would break HotSpot and other JIT-based software. DES -- Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86pspjz0xu.fsf>