Anyone protecting the stack?

Bill Huey (hui) billh at gnuppy.monkey.org
Thu Sep 18 18:29:27 PDT 2003


On Thu, Sep 18, 2003 at 06:15:12PM -0700, Kip Macy wrote:
> Anything doing dynamic translation is going to need to generate and
> execute code outside of its code segment. I don't know this for sure,
> but probably even VMWare does this as there are a number of privileged
> x86 instructions that don't trap. I would probably just make it 
> controlled by a securelevel or sysctl. How many people want to run java
> on a locked down machine? Those select few could just disable it at
> kernel configure time.

Java is pretty secure inside the VM core itself. It's when you start
executing stuff in supporting libraries that might trigger overflows, so
any kind of stack protection is going to have limited value to a system
as reliable as that.  But you're right, JITs violate this all the time
by storing tons of code basic blocks in some kind of manually
allocated storage.

IMO, the Java/HotSpot VM case isn't worth it.

bill





