Bugtraq mailing list archives

Re: machine independent protection from stack-smashing attack

From: Jan Echternach <echter () informatik uni-rostock de>
Date: Mon, 11 Sep 2000 22:16:55 +0200

On Mon, Sep 11, 2000 at 09:55:35AM +0400, Yarrow Charnot wrote:

Microsoft purposely doesn't allow pages to be non-executable,


Microsoft didn't really have a choice.  i386 hardware doesn't support
readable, but non-executable pages.

In other words, if the attribute READ is set, the page is automatically made
EXECUTABLE. If you trace NT and 9X kernels up to the point where they set


Same with Linux/i386, for instance.

(NON-EXECUTABLE) on purpose. What purpose? Who on Earth would want to keep
your data segments executable??? If you want to make it executable, one call


Segment based protections on i386 are different thing.  I think you
could emulate a flat memory model with non-executable pages by mapping
data and code segments to different linear addresses, but that would
half the availabe virtual memory and impose a performance penalty.

--
Jan

Current thread:

Re: machine independent protection from stack-smashing attack Yarrow Charnot (Sep 12)
- Re: machine independent protection from stack-smashing attack Jan Echternach (Sep 12)
- Re: machine independent protection from stack-smashing attack Michael Nelson (Sep 12)
- <Possible follow-ups>
- Re: machine independent protection from stack-smashing attack Greg Hoglund (Sep 12)