Re: Non-executable stack

From: Julian Elischer (julian_at_elischer.org)
Date: 11/02/05

    Date: Wed, 02 Nov 2005 11:06:40 -0800
    To: Dag-Erling Smørgrav <des@des.no>
    
    

    Dag-Erling Smørgrav wrote:

    >db <db@traceroute.dk> writes:
    >
    >
    >>Memory on ia32 can be writable and readable. When it is readable it
    >>is also executable. On other arch's like AMD64 and IA64, I believe
    >>memory can be readable, writable and executable.
    >>
    >>
    >
    >Not quite. IA32 can make individual segments readable, writable and/or
    >executable, but lacks the ability to do so on a per-page basis.
    >Since we have trampoline code at the top of the stack, the entire
    >stack segment must be executable. Moving the trampoline off the stack
    >would solve the problem on all platforms.
    >
    >

    There has been recent talk of a shared kernel/user memory page
    that could be used for trampoline code.

    >W^X across the board is not an option - it would break HotSpot and
    >other JIT-based software.
    >
    >DES
    >
    >
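
An added example, not part of the thread and not FreeBSD code: a small C audit that flags regions mapped writable and executable at once, reporting the stack (the trampoline case discussed above) separately from other W+X regions such as JIT heaps. The Linux-style `maps` line layout, the sample lines and all function names are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps layout (assumed format). */
static const char *SAMPLE[] = {
    "08048000-08052000 r-xp 00000000 08:01 1234 /bin/app",
    "08052000-08053000 rw-p 0000a000 08:01 1234 /bin/app",
    "28100000-28140000 rwxp 00000000 00:00 0",          /* e.g. a JIT heap */
    "bfbe0000-bfc00000 rwxp 00000000 00:00 0 [stack]",  /* executable stack */
};
#define NSAMPLE (sizeof SAMPLE / sizeof SAMPLE[0])

enum wx_class { WX_BADLINE = -1, WX_OK = 0, WX_OTHER = 1, WX_STACK = 2 };

/* Classify one map line: is the region writable and executable at once? */
enum wx_class classify_region(const char *line)
{
    unsigned long start, end;
    char perms[5] = "";

    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
        return WX_BADLINE;
    if (strlen(perms) != 4 || start >= end)
        return WX_BADLINE;
    if (perms[1] != 'w' || perms[2] != 'x')
        return WX_OK;                 /* W^X holds for this region */
    return strstr(line, "[stack]") ? WX_STACK : WX_OTHER;
}

/* Count W+X regions; *stack_exec is set to 1 if the stack is one of them. */
int count_wx(const char *const *lines, size_t n, int *stack_exec)
{
    int hits = 0;
    *stack_exec = 0;
    for (size_t i = 0; i < n; i++) {
        enum wx_class c = classify_region(lines[i]);
        if (c == WX_STACK)
            *stack_exec = 1;
        if (c == WX_STACK || c == WX_OTHER)
            hits++;
    }
    return hits;
}

int main(void)
{
    int stack_exec;
    int hits = count_wx(SAMPLE, NSAMPLE, &stack_exec);
    printf("W+X regions: %d, executable stack: %s\n", hits, stack_exec ? "yes" : "no");
    return 0;
}
```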

