Re: 2nd Linux kernel patch to remove stack exec

Systemkennung Linux (linux@MAILHOST.UNI-KOBLENZ.DE)
Mon, 14 Apr 1997 00:26:59 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Systemkennung Linux: "Re: 2nd Linux kernel patch to remove stack exec"
Previous message: Miguel de Icaza: "Re: 2nd Linux kernel patch to remove stack exec"
Maybe in reply to: Solar Designer: "2nd Linux kernel patch to remove stack exec"
Next in thread: Systemkennung Linux: "Re: 2nd Linux kernel patch to remove stack exec"

Hi,

> It's not really a problem -- everything should run just fine with my patch.
> However, the patch will not prevent buffer overflow exploits for those
> programs that use trampolines.
>
> This means that as long as libc5 is being used, most (if not all) privileged
> processes will have stack execution permission disabled. :)
>
> As for glibc, maybe it is time to change it not to use trampolines?

A patch which does this should now be in the glibc 2.1 development source.

> > Admited trampolines are a stupid idea because their performance sucks
> > on many architectures.
>
> AFAIK, they will cause some overhead for maintaining L1 code and data caches
> coherency, since the stack frame is usually in the data cache -- resulting in
> bad performance.

We're talking about some hundred cycles or more ...

Ralf

Next message: Systemkennung Linux: "Re: 2nd Linux kernel patch to remove stack exec"
Previous message: Miguel de Icaza: "Re: 2nd Linux kernel patch to remove stack exec"
Maybe in reply to: Solar Designer: "2nd Linux kernel patch to remove stack exec"
Next in thread: Systemkennung Linux: "Re: 2nd Linux kernel patch to remove stack exec"