There are checks you could do from the kernel, but they would not
be able to reliably detect an arbitrary program which would
cause this instruction to run. In other words, if I saw your
patch, I could easily write a program that gets around it.
Quick ideas that have been discussed with others:
- check for the instruction
problem: I can synthesize the instruction at run time
- check to see if the code synthesizes and runs the instruction
problem: you can't do this statically (it's undecidable)
and to do it dynamically you'd have to interpret every
instruction you executed (too costly)
- don't allow code to run out of stack
problem: I can synthesize it elsewhere
- don't allow code to run out of anything but the read-only
text segment.
problem: I can change the protection on the text segment
- force text segment to always be read-only
forcing code to run out of text could cause some existing programs
to break.
> -seifried
Tim N.
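The first three points above (a byte-pattern check is defeated by synthesizing the instruction at run time, and blocking execution from the stack is defeated by synthesizing it somewhere else) can be shown with a few lines of C. The program below is an added example written for this page, not code from the thread. It assumes a POSIX system with mmap/mprotect, a GCC- or Clang-compatible compiler for __builtin___clear_cache, and an x86_64 or aarch64 CPU. Because the thread does not name the instruction in question, a harmless stand-in stub (mov reg,42 ; ret) plays the part of the "forbidden" opcode; the mechanics are identical for any byte sequence. The stub is stored XOR-encoded, so no scanner that looks at the program's stored bytes ever sees the real opcodes; they are reconstructed into an anonymous page (neither stack nor text) at run time, the page is flipped to read+execute, and the stub is called.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Key used to obfuscate the stub in the binary (hypothetical constant). */
static const unsigned char KEY = 0x5a;

/* The stub, stored XOR-encoded so the plain opcodes never appear in the
 * program image.  Plain form (for reference only, never stored):
 *   x86_64 : b8 2a 00 00 00 c3          mov eax, 42 ; ret
 *   aarch64: 40 05 80 52 c0 03 5f d6    mov w0, #42 ; ret   */
#if defined(__x86_64__)
static const unsigned char STUB_XORED[] = { 0xe2, 0x70, 0x5a, 0x5a, 0x5a, 0x99 };
#elif defined(__aarch64__)
static const unsigned char STUB_XORED[] = { 0x1a, 0x5f, 0xda, 0x08, 0x9a, 0x59, 0x05, 0x8c };
#else
#error "example supports x86_64 and aarch64 only"
#endif

/* Decode the stub into out, which must hold at least sizeof STUB_XORED bytes. */
static void decode_stub(unsigned char *out)
{
    for (size_t i = 0; i < sizeof STUB_XORED; i++)
        out[i] = STUB_XORED[i] ^ KEY;
}

/* The naive "check for the instruction": does needle occur anywhere in hay?
 * Returns 1 if found, 0 otherwise. */
int find_bytes(const unsigned char *hay, size_t hlen,
               const unsigned char *needle, size_t nlen)
{
    if (nlen == 0 || nlen > hlen)
        return 0;
    for (size_t i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return 1;
    return 0;
}

/* Run the scanner over the bytes that are actually stored in the program.
 * Returns 0: the plain opcode sequence is not there to be found. */
int blob_contains_plain(void)
{
    unsigned char plain[sizeof STUB_XORED];
    decode_stub(plain);
    return find_bytes(STUB_XORED, sizeof STUB_XORED, plain, sizeof plain);
}

/* Synthesize the instruction at run time in a fresh anonymous mapping
 * (not the stack, not the text segment), make it executable, and run it.
 * Returns the stub's return value (42), or -1 if mapping/protection fails. */
int run_synthesized(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return -1;

    /* Start read+write: we need to write the decoded bytes first. */
    unsigned char *mem = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;

    decode_stub(mem);
    /* Keep the instruction cache coherent with the bytes just written
     * (a no-op on x86, required on aarch64). */
    __builtin___clear_cache((char *)mem, (char *)mem + sizeof STUB_XORED);

    /* Flip the page to read+execute; this is exactly the protection change
     * a "no writable+executable memory" policy would also have to forbid. */
    if (mprotect(mem, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, (size_t)page);
        return -1;
    }

    int (*fn)(void);
    memcpy(&fn, &mem, sizeof fn);   /* object pointer -> function pointer */
    int r = fn();

    munmap(mem, (size_t)page);
    return r;
}

int main(void)
{
    printf("plain opcodes present in stored program bytes: %s\n",
           blob_contains_plain() ? "yes" : "no");
    printf("synthesized stub returned: %d\n", run_synthesized());
    return 0;
}
```

The only policy in the list that this program cannot sidestep is one that refuses the mprotect to PROT_EXEC (or the mmap of any executable anonymous page) in the first place, which is the "only run code out of read-only text" option and carries the compatibility cost the post notes.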