Anyone protecting the stack?

Kip Macy kmacy at fsmware.com
Thu Sep 18 18:15:12 PDT 2003


Anything doing dynamic translation is going to need to generate and
execute code outside of its code segment. I don't know this for sure,
but probably even VMWare does this as there are a number of privileged
x86 instructions that don't trap. I would probably just make it 
controlled by a securelevel or sysctl. How many people want to run java
on a locked down machine? Those select few could just disable it at
kernel configure time.

                              -Kip

	... I am understanding right and per the research I have done
	previously on non-exec stacks, it seems JIT compilers and the
	new Perl interpreter do not support this, although, I maybe a
	little outdated on this information.


J2SE 1.3.1 with the HotSpot compiler does create executable code objects
that are managed on the machine the stack. For what ? I don't remember.

	If it can be done without harming any functionality, it will be
	great!


I'm sure something can be worked out that'll allow this to be compatible
with Java and heavy duty JIT compilers like that.
bill







More information about the Kernel mailing list