Re: Linux kernel patch to remove stack exec permission

Casper Dik (casper@HOLLAND.SUN.COM)
Sat, 12 Apr 1997 23:06:53 +0200

>There seemed to be no patch for Linux kernel to remove execute permission
>from the stack (to prevent most buffer overflow exploits), so I decided to
>make one, I include it at the end of this message. I heard some rumours that
>GCC assumes stack frame to be executable when dealing with nested functions,
>but I couldn't reproduce that. I'm running this patched kernel for a day now,
>and everything (well, except for the exploits) seems to work fine. However,
>some programs may depend on the stack being executable... I'd like to hear
>any reports of this.

Gcc assumes the stack is executable when it passes nested functions
as parameters (nested functions require a pointer to the scope, so
a small function is pushed on the stack that adds an extra argument).

Not standard C, anyway.

>created a new descriptor instead, leaving the old one with its original
>limit, since that still allows to execute some code on the stack when needed,
>by using old code segment selector. For example, the kernel itself needs that
>ability to return from signal handlers.

Can you use mprotect to deprotect the stack?

I'm told the x86 systems don't have page granularity when it comes to
execute permissions, only per descriptor (of which you have four?)?

Casper
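
A check for the property discussed in this thread, as an added example that is not part of the original message or the patch: on current Linux kernels, /proc/self/maps lists the permissions of the [stack] mapping, so a process can report whether its own stack is executable. The function names and the two sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lines in /proc/<pid>/maps format (not captured output). */
static const char SAMPLE_NX[] =
    "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0    [stack]\n";
static const char SAMPLE_EXEC[] =
    "7ffc1a2b3000-7ffc1a2d4000 rwxp 00000000 00:00 0    [stack]\n";

/* Classify one maps line.
 * Returns 1 if it is the [stack] mapping and executable,
 *         0 if it is the [stack] mapping and not executable,
 *        -1 if it is another mapping or malformed. */
int stack_line_exec(const char *line)
{
    const char *sp;

    if (strstr(line, "[stack]") == NULL)
        return -1;
    /* Layout: "start-end perms offset dev inode path", perms like "rwxp". */
    sp = strchr(line, ' ');
    if (sp == NULL || strlen(sp + 1) < 4)
        return -1;
    return sp[3] == 'x' ? 1 : 0;   /* sp[1]='r', sp[2]='w', sp[3]='x' */
}

/* Check the calling process; -1 if /proc is unavailable or no [stack] line. */
int current_stack_exec(void)
{
    char line[512];
    int result = -1;
    FILE *f = fopen("/proc/self/maps", "r");

    if (f == NULL)
        return -1;
    while (result < 0 && fgets(line, sizeof line, f) != NULL)
        result = stack_line_exec(line);
    fclose(f);
    return result;
}

int main(void)
{
    int r = current_stack_exec();
    puts(r == 1 ? "stack is executable" :
         r == 0 ? "stack is not executable" : "could not determine");
    return r == 1;   /* non-zero exit status when the stack is executable */
}
```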