> Aleph, please kill my article if someone else says it better/first. I've been > waiting in silence for Solar Designer to speak up and end the debate about how > to do this, but I guess he's away from his e-mail. I was simply unsure if we really need to repeat this discussion (it's been on the list already). ;-) > > Having separate non-overlapping stack and data segments causes a great > > many problems if you want to be able to write programs in C, given > > that a data pointer has to be able to record the address of any > > variable, regardless of whether it is static (data segment) or > > automatic (stack segment). > > This work has already been done: there is a kernel patch for Linux that makes > the stack segment non-executable. For details, go read Solar's source: > http://www.openwall.com/linux/ In reality, the patch does exactly what it says it does: make the user stack area (a range of user-space addresses) non-executable. It does _not_ make the segment (in the x86 sense) non-executable (in fact, it was already non-executable by definition; it is overlapping with the code segment which allowed for execution on the stack). To answer the paragraph you were replying to as well, the patch also does _not_ stop stack and data segments from overlapping (in fact, with the Linux 2.2 version of the patch, the stack and data segments even share the same descriptor table entry). I don't see how this restriction can be related to the execute permissions, though. What the patch does, is reduce the user-space code segment limit so that the segment does not cover the range of addresses allocated to the stack. The base addresses continue to match. Signed, Solar Designer
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:47 PDT