Bugtraq mailing list archives
Re: Linux kernel patch to remove stack exec permission
From: meissner () CYGNUS COM (Mike Meissner)
Date: Sat, 12 Apr 1997 08:47:24 EDT
| There seemed to be no patch for Linux kernel to remove execute permission | from the stack (to prevent most buffer overflow exploits), so I decided to | make one, I include it at the end of this message. I heard some rumours that | GCC assumes stack frame to be executable when dealing with nested functions, | but I couldn't reproduce that. I'm running this patched kernel for a day now, | and everything (well, except for the exploits) seems to work fine. However, | some programs may depend on the stack being executable... I'd like to hear | any reports of this. Hopefully Linus will NOT install this patch without providing a configure option to enable/disable it. It is not a rumor but a fact that GCC depends on the stack being executable in order to support passing the address of nested functions via trampolines. I really would prefer not to have a new quanity of tests fail. Alternatively, you could try to convince RMS and Kenner that trampolines are a bad idea (I've been trying for 8 years), or root out all of the hidden assumptions in the compiler that trampolnes are on the stack (been there, tried it, gave up). Here is a test case for trampolines: #include <stdio.h> int g (int a, int b, int (*gi) (int, int)) { printf ("Inside g, a = %d, b = %d, gi = 0x%.8lx\n", a, b, (long)gi); fflush (stdout); if ((*gi) (a, b)) return a; else return b; } void f (void) { int i, j; int f2 (int a, int b) { printf ("Inside f2, a = %d, b = %d\n", a, b); fflush (stdout); return a > b; } int f3 (int a, int b) { printf ("Inside f3, i = %d, j = %d\n", i, j); fflush (stdout); return i > j; } if (g (1, 2, f2) != 2) { printf ("Trampoline call returned the wrong value\n"); fflush (stdout); abort (); } i = 4; j = 3; if (g (5, 6, f3) != 5) { printf ("Trampoline call returned the wrong value\n"); fflush (stdout); abort (); } } int main (void) { printf ("Before trampoline call\n"); fflush (stdout); f (); printf ("Trampoline call succeeded\n"); fflush (stdout); return 0; }
Current thread:
- Re: Linux kernel patch to remove stack exec permission Mike Meissner (Apr 12)
- <Possible follow-ups>
- Linux kernel patch to remove stack exec permission Solar Designer (Apr 12)
- Re: Linux kernel patch to remove stack exec permission Casper Dik (Apr 12)
- Re: Linux kernel patch to remove stack exec permission Ingo Molnar (Apr 14)