Anyone protecting the stack?

Matthew Dillon dillon at apollo.backplane.com
Thu Sep 18 18:07:26 PDT 2003


    The problem is that it's a big hack.  On IA32 there is *NO* pte
    flag to control the ability to execute within a page, so the only
    way to protect against execution is to limit the user code segment (%cs)
    GDT entry.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>


:Pedro Giffuni wrote:
:
:: I posted this to freebsd-hackers and everyone seemed to agree it was
:: extremely interesting and that it had to be done, but AFAICT no one is
:: doing the tough work. JIC anyone here is interested I repost the link to
:: NetBSD's commit log:
::
:: http://mail-index.netbsd.org/source-changes/2003/08/24/0027.html
::
:
:	Hmm, is this just the pmap mappings that are made non executable
:	if supported by hardware?  Well, aside from the pmap parts, I am
:	not sure we really want this...
:
:	... I am understanding right and per the research I have done
:	previously on non-exec stacks, it seems JIT compilers and the
:	new Perl interpreter do not support this, although, I maybe a
:	little outdated on this information.
:
:	If it can be done without harming any functionality, it will be
:	great!
:
:	Regards,
:
:-- 
:Hiten Pandya
:hmp at xxxxxxxxxxxxx






More information about the Kernel mailing list