Bugtraq mailing list archives
Re: 2nd Linux kernel patch to remove stack exec
From: linux () MAILHOST UNI-KOBLENZ DE (Systemkennung Linux)
Date: Mon, 14 Apr 1997 01:34:30 +0200
Hi,
Firstly I want to say that if I remember Linus's opinion on this matter from some time ago this sort of change is not going into the kernel, in fact you essentially have to allow any data segment to be executable. If you break this all sorts of "fun" things happen, crashme stops working (bad bad bad), certain high performance scheme/lisp interpreters stop working, and you break our current signal returning mechanism which is used on all platforms.
Unfortunately Linus is right in his opinion that a lot of software will break. The attempt these problems by removing execute permission is also limited by the problem that some architures like MIPS don't make a difference at all between read and execute permissions for a page, on others like 68k the price on would have to pay for these (additional level in page tables plus much memory for the page tables) is way to high.
> AFAIK, they will cause some overhead for maintaining L1 code and data caches > coherency, since the stack frame is usually in the data cache -- resulting in > bad performance. We're talking about some hundred cycles or more ... Care to propose another way to handle signal dispatch in a clone() safe way? We used to do signals stupidly via a libc static signal dispatch vector on the Sparc (this is the way SunOS did it), then I considered the clone() threaded signal problem, man did I change over to the way the Intel and Alpha always did it but fast, I'll eat the instruction cache flush any day compared to the alternative.
Actually I was only arguing against the use of the trampolines generated for certain constructs by GCC. When flushing the caches for the signal trampoline is lower in comparison because we don't take the syscall overhead but hmmm... You asked for it ... (ringing up the department for dirty tricks ...) When setting up the exception frame put an invalid address that on return from the signal handler will cause some exception. On MIPS I'd choose address error. Check in the exception handler for that particular magic return address from the stack frame -> no more code on the stack and thread safe. Ralf
Current thread:
- Re: [LINUX] IP_MASQ / Ethernet Passing Traffic After Halt Miquel van Smoorenburg (Apr 12)
- Re: [LINUX] IP_MASQ / Ethernet Passing Traffic After Halt Alan Cox (Apr 13)
- [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0-current Julian Assange (Apr 13)
- Re: [ANNOUNCE]: ipfilter for FreeBSD2.2.x + FreeBSD3.0-current Perry E. Metzger (Apr 13)
- 2nd Linux kernel patch to remove stack exec Solar Designer (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Solar Designer (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec David S. Miller (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- Re: 2nd Linux kernel patch to remove stack exec Systemkennung Linux (Apr 13)
- more l0phtcrack errata Systemkennung Linux (Apr 13)
- PGP Distributed Attack Aleph One (Apr 14)
- Re: PGP Distributed Attack Perry E. Metzger (Apr 14)
- Re: PGP Distributed Attack Paul C Leyland (Apr 15)
- Juggernaut 1.1 patch G P R (Apr 15)
- Re: PGP Distributed Attack Ubermensch (Apr 14)
- Re: PGP Distributed Attack Tom Guptill (Apr 14)
- Re: 2nd Linux kernel patch to remove stack exec Bernd Schmidt (Apr 14)
- mail bombing ;-) Alain Mellan (Apr 14)