Re: WordPad/riched20.dll buffer overflow

From: Glynn Clements (glynnat_private)
Date: Sun Nov 28 1999 - 06:35:28 PST


    Crispin Cowan wrote:
    
    > > > I think one of the major problems with the Linux implementation, and
    > > > apparently windows too, is that no one pays attention to the added security
    > > > provided by segmentation (at least to the point of putting the stack on a
    > > > different segment?)
    > >
    > > Having separate non-overlapping stack and data segments causes a great
    > > many problems if you want to be able to write programs in C, given
    > > that a data pointer has to be able to record the address of any
    > > variable, regardless of whether it is static (data segment) or
    > > automatic (stack segment).
    >
    > This work has already been done:  there is a kernel patch for Linux that makes
    > the stack segment non-executable.  For details, go read Solar's source:
    > http://www.openwall.com/linux/
    
    I'm aware of Solar Designer's patch. However, it isn't applicable to
    my reply. My reply was regarding separating the stack and data
    segments, not the code segment. Referring back, this may not have been
    what the poster was talking about.
    
    The code segment is a somewhat easier target. IIRC, C says very little
    about function pointers. You are not guaranteed to be able to store a
    function pointer in a "void *", "long" or anything other than a
    pointer to that specific type of function.
    
    Consequently, the code segment doesn't have to overlap either the
    stack or data segments.
    
    If the code and stack/data segments do overlap, then it doesn't matter
    whether or not the stack/data segment is executable. You simply write
    to the stack/data segment then execute the code via the code segment
    (return addresses are implicitly relative to the code segment).
    
    --
    Glynn Clements <glynnat_private>
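A defender-side check tied to the non-executable stack discussed in this thread: an added C example (not from the thread or from Solar Designer's patch) that parses Linux /proc/<pid>/maps lines and reports whether the [stack] mapping carries the execute bit. It assumes the Linux maps-file layout; the sample listings embedded below are constructed, not captured from a real process.

```c
/* Added example, not from the thread: report whether the [stack] mapping in a
 * Linux /proc/<pid>/maps listing carries the execute bit. */
#include <stdio.h>
#include <string.h>

/* Constructed sample listings, not real process dumps. */
const char *SAMPLE_NX = "08048000-08049000 r-xp 00000000 08:01 1234 /usr/bin/prog\n"
                        "bfe00000-c0000000 rw-p 00000000 00:00 0 [stack]\n";
const char *SAMPLE_X  = "bfe00000-c0000000 rwxp 00000000 00:00 0 [stack]\n";

/* Parse the "rwxp" permission field of one maps line.
 * Returns 1 if executable, 0 if not, -1 if the line is malformed. */
int maps_line_executable(const char *line)
{
    unsigned long start, end;
    char perms[5];
    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
        return -1;
    return perms[2] == 'x' ? 1 : 0;
}

/* Walk a newline-separated listing and examine its [stack] entry.
 * Returns 1 if executable, 0 if not, -1 if no [stack] entry is present. */
int stack_executable_in(const char *maps)
{
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        if (len >= sizeof line) len = sizeof line - 1; /* truncate, never overflow */
        memcpy(line, p, len);
        line[len] = '\0';
        if (strstr(line, "[stack]"))
            return maps_line_executable(line);
        if (!nl) break;
        p = nl + 1;
    }
    return -1;
}

/* Stand-alone use: inspect the running process's own stack mapping. */
int main(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[256]; int rc = -1;
    while (f && fgets(line, sizeof line, f))
        if (strstr(line, "[stack]")) { rc = maps_line_executable(line); break; }
    if (f) fclose(f);
    printf("stack executable: %d (1 = yes, 0 = no, -1 = not found)\n", rc);
    return 0;
}
```

As the post notes, an NX flag on the stack mapping says nothing about whether the code segment overlaps it, so this check covers only the one property it names.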
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:42 PDT