From owner-freebsd-arch  Sun Jun 30  3:45:19 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6C4D037B401
	for <arch@FreeBSD.ORG>; Sun, 30 Jun 2002 03:45:13 -0700 (PDT)
Received: from phoenix.dmnstech.net (phoenix.dmnstech.net [194.19.34.94])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0A77F43E09
	for <arch@FreeBSD.ORG>; Sun, 30 Jun 2002 03:45:12 -0700 (PDT)
	(envelope-from eivind@phoenix.dmnstech.net)
Received: (from eivind@localhost)
	by phoenix.dmnstech.net (8.12.2/8.11.6) id g5UAj8FM015374;
	Sun, 30 Jun 2002 12:45:08 +0200 (CEST)
	(envelope-from eivind)
Date: Sun, 30 Jun 2002 12:45:08 +0200
From: Eivind Eklund <eivind@FreeBSD.ORG>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Bill Huey <billh@gnuppy.monkey.org>,
	Jake Burkholder <jake@locore.ca>, arch@FreeBSD.ORG
Subject: Re: Time to make the stack non-executable?
Message-ID: <20020630124508.A14361@phoenix.dmnstech.net>
References: <3D1E28ED.B67A5271@FreeBSD.org> <3D1E3126.C96FFAA5@mindspring.com> <20020629185554.I71376@locore.ca> <20020629232603.GA1361@gnuppy.monkey.org> <3D1E55E5.998DCEBA@mindspring.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <3D1E55E5.998DCEBA@mindspring.com>; from tlambert2@mindspring.com on Sat, Jun 29, 2002 at 05:50:45PM -0700
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

On Sat, Jun 29, 2002 at 05:50:45PM -0700, Terry Lambert wrote:
[On setting a non-executable stack]
> As I said in the original post, Sean and I are both aware of the
> possibility that some software will be unable to run after this.
> 
> One way to potentially work around this is to allow the stack
> pages to be marked executable by explicit linking with an
> alternate crt0.o, or, more usefully, by way of an attribute on
> the file (e.g. a "chflags").

Is there some reason that we should not do this by way of a syscall that the
particular process calls?  If an exploit is at a point where it can run
syscalls, I'd think we are screwed anyway, and we should know at compile time
what programs would need this and not, if we do it globally.  The only problem
is legacy programs that need this.

chflags has the large disadvantage of not playing nice with many backup
systems, and not being available in many filesystems.  An ELF section avoid
this problem, but somehow seems less clean than a syscall.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message