Bugtraq mailing list archives
Re: Solaris 2.6 non-executable stacks
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 16 Jun 1998 12:21:41 +0200
On Fri, 12 Jun 1998, Dax Kelson wrote:

> A new feature in Solaris 2.6 is the ability to turn off executable stacks.
> [...]
> Does anyone know how secure this implementation is?
> More importantly, does anyone know whether this breaks anything, like early versions of Solar Designer's Linux patch did?

The "protect_stack" script which implements this feature for 2.5[.1] does break JIT compilers for Java as it also protects all BSS pages.

The 2.6 feature probably breaks gcc nested functions (when passed as arguments) and perhaps gcc objective C as both generate code on the stack.

But I've heard no breakage reports on any major program; all reports I heard on protect_stack had to do with the data segment protection change. (Basically, I had no choice but to protect all ZFOD pages)

The 2.6 feature is only supported on Ultra class and sun4m/sun4d systems; not on others, not on x86 either. I don't think x86 hardware supports the per-page protection bit required; you can only do it per-segment; this makes it impossible for programs to use mprotect() on the stack to get execute permission back.

The 64 bit SPARC V9 ABI has removed the requirement for the stack to be executable; so the stack is not executable for 64 bit processes in Solaris 2.7.

Casper
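
The point about programs using mprotect() on the stack to get execute permission back can be checked on a given system with a small probe. The C program below is an added example, not part of the original post; the function names are illustrative, and it assumes a POSIX system that provides mprotect() and sysconf().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round an address down to the start of the page that contains it. */
static void *page_base(const void *addr)
{
    uintptr_t size = (uintptr_t)sysconf(_SC_PAGESIZE);
    return (void *)((uintptr_t)addr & ~(size - 1));
}

/*
 * Ask the kernel to set the protection of the stack page holding a local
 * variable. Returns 0 if the request was granted, otherwise the errno
 * value reported by mprotect().
 */
static int set_stack_page_prot(int prot)
{
    char marker = 0;                      /* lives on the current stack */
    void *base = page_base(&marker);
    size_t len = (size_t)sysconf(_SC_PAGESIZE);

    return mprotect(base, len, prot) == 0 ? 0 : errno;
}

/* 1 = execute permission can be added per page, 0 = the system refused. */
static int stack_exec_can_be_regained(void)
{
    int rc = set_stack_page_prot(PROT_READ | PROT_WRITE | PROT_EXEC);
    /* Always return to read/write so the probe leaves no executable page. */
    set_stack_page_prot(PROT_READ | PROT_WRITE);
    return rc == 0;
}

int main(void)
{
    int rc = set_stack_page_prot(PROT_READ | PROT_WRITE | PROT_EXEC);
    set_stack_page_prot(PROT_READ | PROT_WRITE);
    if (rc == 0)
        puts("mprotect() granted PROT_EXEC on a stack page");
    else
        printf("mprotect() refused PROT_EXEC on the stack: %s\n", strerror(rc));
    return 0;
}
```

A refusal here means a program that generates code on the stack, such as the gcc nested-function case mentioned above, has no per-page way to opt back in.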