Aleph, please kill my article if someone else says it better/first. I've been waiting in silence for Solar Designer to speak up and end the debate about how to do this, but I guess he's away from his e-mail.

Glynn Clements wrote:

> Christopher Rhodes wrote:
>
> > I think one of the major problems with the Linux implementation, and
> > apparently windows too, is that no one pays attention to the added security
> > provided by segmentation (at least to the point of putting the stack on a
> > different segment?)
>
> Having separate non-overlapping stack and data segments causes a great
> many problems if you want to be able to write programs in C, given
> that a data pointer has to be able to record the address of any
> variable, regardless of whether it is static (data segment) or
> automatic (stack segment).

This work has already been done: there is a kernel patch for Linux that makes the stack segment non-executable. For details, go read Solar's source: http://www.openwall.com/linux/

> There are workarounds (i.e. foregoing the simplicity of a flat memory
> model), but these are invariably either inefficient (e.g. the "huge"
> memory model found on 16-bit x86 C compilers), or not actually C (e.g.
> the "near" and "far" keywords in the language-which-looks-like-C-but-isn't
> that was commonly used for 16-bit x86 development).

The kernel patch makes no such compromise. As near as I can tell, it is completely performance neutral, and largely transparent. The only compromise is that special handling for signal delivery is required, which the kernel patch provides.

> Also, using segmentation pretty much guarantees that your OS cannot be
> made to run on anything other than the x86 architecture (which is
> about the worst of the bunch; no sane person would use x86 if it wasn't
> for the compatibility issues).

Other, more sane, processors provide for read & no-execute pages, so you use a different kernel MMU mechanism to make the stack non-executable. Thus, Casper Dik has a similar kernel enhancement for Solaris that makes the stack non-executable.

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc.    http://wirex.com
Free Hardened Linux Distribution:                 http://immunix.org
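
An added example, not part of the original post and not code from the Openwall patch: a small C check that reports whether the running process's stack mapping is executable, which is the property the message above says the kernel can enforce. It assumes a Linux kernel that labels the main thread's stack as `[stack]` in `/proc/self/maps`; the function names are made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Classify one line of /proc/<pid>/maps, whose layout is
 *   start-end perms offset dev inode [pathname]
 * Returns 1 if the line is the [stack] mapping and carries the x bit,
 *         0 if it is the [stack] mapping without the x bit,
 *        -1 if it is some other mapping or cannot be parsed. */
int stack_line_exec(const char *line)
{
    unsigned long start, end;
    char perms[5] = "";
    int consumed = 0;

    if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %n",
               &start, &end, perms, &consumed) < 3)
        return -1;
    if (consumed == 0 || strlen(perms) != 4)
        return -1;                      /* no pathname field or odd perms */
    if (strncmp(line + consumed, "[stack]", 7) != 0)
        return -1;                      /* not the stack mapping */
    return perms[2] == 'x';             /* perms are r, w, x, p/s in order */
}

/* Scan this process's own mappings; same return values as above,
 * with -1 also meaning /proc was unavailable or no [stack] line exists. */
int current_stack_exec(void)
{
    char line[512];
    int result = -1;
    FILE *f = fopen("/proc/self/maps", "r");

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        int r = stack_line_exec(line);
        if (r >= 0) { result = r; break; }
    }
    fclose(f);
    return result;
}

int main(void)
{
    int r = current_stack_exec();
    puts(r == 1 ? "stack is EXECUTABLE" :
         r == 0 ? "stack is non-executable" : "stack mapping not found");
    return r == 1;                      /* non-zero exit flags an executable stack */
}
```
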