The 386 and up supports no-exec, but only on differing segments. Most OS systems aren't properly implemented on the 386+ architecture. The 386+ supports read-only pages in the paging architecture, but to separate executable code from stack and data, you have to point the segment registers at differing memory areas. If they overlap, which simplifies memory management, then the code, data and stack are all shared. An entire segment, according to the Intel documentation, can set aside as non-executable. I think one of the major problems with the Linux implementation, and apparently windows too, is that noone pays attention to the added security provided by segmentation (at least to the point of putting the stack on a different segment?) I've not delved into that portion of the Linux source, but maybe I will someday if I have some free time. (I got my info from a copy of Intel's pentium family processor architecture and programming manual.) (I'm talking about the code and data bits in the segment registers.) Chris Rhodes ------------------------------------------------------------------------- "Note: The information contained in this message and any attachments to it may be privileged and confidential. If the reader of this message is not the intended recipient or the recipient's appointed agent, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer." ------------------------------------------------------------------------- On Fri, 26 Nov 1999 pedwardat_private wrote: > I seem to recall a Linux kernel guru explaining that the x86 MMU doesn't actually > support non-exec pages, or some such. It doesn't support it, or it just doesn't > work right. I remember bringing up the issue of noexec and that was the answer. > > --Perry > > > Ok, here it is, on page 58, it's talking about Access Control of virtual > > pages, and it says, literally if a page can be read, it can be executed. I > > remember that this took my attention for some days, then I forgot about it, until > > you mentioned it. > > > > richie > > -- > Perry Harrington Director of zelur xuniL () > perryat_private System Architecture Think Blue. /\ >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:28 PDT