VM_PROT_EXEC on the stack

Peter Wemm peter at wemm.org
Sat Jun 14 19:50:49 UTC 2008


gcc copies code to the stack and runs it in certain circumstances
(nested functions).  We'd need code added to libgcc to do the
appropriate mprotect() calls.  I think code exists for NetBSD to do
this if somebody wants to pick this up.  Search for mprotect in gcc
source.

Also, the very top page has the signal trampoline executable code.  If
you wanted to turn off EXEC, you'd either have to leave the very top
page executable or move the trampoline elsewhere (eg: libc, like on
sparc64).  BTW: I'd like the latter.

On Sat, Jun 14, 2008 at 10:44 AM, Ed Schouten <ed at 80386.nl> wrote:
> Hello everyone,
>
> I'm not a real guru when it comes to low level x86 hardware stuff, but
> some time ago I read somewhere that the NX bit on AMD64 CPUs could be
> used to mark the stack as non-executable, making it impossible to
> execute code on the stack (through buffer overflows).
>
> When I look at procstat -v's output on FreeBSD/amd64, I see the stack
> has VM_PROT_EXEC. Is there a specific reason for this?
>
> Yours,
> --
>  Ed Schouten <ed at 80386.nl>
>  WWW: http://80386.nl/
>



-- 
Peter Wemm - peter at wemm.org; peter at FreeBSD.org; peter at yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
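Added example, not code from Peter's message, from FreeBSD or from libgcc: the mprotect() step Peter says libgcc would need once the stack is no longer mapped executable. libgcc already has a hook for this on some targets, `__enable_execute_stack()`, which this mirrors; the function names here (`trampoline_page_range`, `enable_execute_stack`, `run_stack_trampoline`) and the constructed "return 42" stub that stands in for a real nested-function trampoline are my own. It rounds the trampoline's address out to whole pages, makes those pages RWX, then calls into the stack to show the page really became executable; on a kernel or policy that refuses RWX stack pages (W^X enforcement, PaX MPROTECT, SELinux execmem) it reports the refusal instead of faulting.

```c
/* Added example: the mprotect() a libgcc-style trampoline runtime needs before
 * jumping to code it has just written onto the stack.  Modelled on libgcc's
 * __enable_execute_stack(); names and the stub routine are assumptions of
 * this example, not FreeBSD or libgcc code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round [addr, addr+len) out to whole pages of size `page` (a power of two).
 * Returns the page-aligned start and stores the byte length in *out_len.
 * A trampoline sitting on a page boundary needs two pages, not one. */
uintptr_t trampoline_page_range(uintptr_t addr, size_t len, size_t page,
                                size_t *out_len)
{
    uintptr_t mask  = ~(uintptr_t)(page - 1);
    uintptr_t start = addr & mask;
    uintptr_t end   = (addr + len + page - 1) & mask;
    *out_len = (size_t)(end - start);
    return start;
}

/* Make the page(s) holding a freshly written stack trampoline executable.
 * Returns 0 on success, -1 with errno set if the kernel refuses (for example
 * under W^X enforcement); the caller must then not jump to the trampoline. */
int enable_execute_stack(void *addr, size_t len)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0)
        return -1;
    size_t n;
    uintptr_t start = trampoline_page_range((uintptr_t)addr, len, (size_t)ps, &n);
    return mprotect((void *)start, n, PROT_READ | PROT_WRITE | PROT_EXEC);
}

/* Constructed stand-in for a GCC nested-function trampoline: a tiny
 * "return 42" routine copied into a stack buffer and called.
 * Returns 42 if the stack became executable, -1 if mprotect() was refused,
 * -2 on a CPU this example does not carry machine code for. */
int run_stack_trampoline(void)
{
#if defined(__x86_64__) || defined(__aarch64__)
#if defined(__x86_64__)
    static const unsigned char code[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                          0xc3 };                        /* ret         */
#else
    static const unsigned char code[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                          0xc0, 0x03, 0x5f, 0xd6 };      /* ret         */
#endif
    unsigned char buf[64];                 /* lives in this frame, i.e. on the stack */
    memcpy(buf, code, sizeof code);
    if (enable_execute_stack(buf, sizeof buf) != 0)
        return -1;
    /* Instruction cache must see the new bytes (a no-op on x86, required on arm64). */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof buf);
    /* Without the mprotect() above this call faults on a non-exec stack. */
    int (*fn)(void) = (int (*)(void))(uintptr_t)buf;
    return fn();
#else
    return -2;
#endif
}

int main(void)
{
    int r = run_stack_trampoline();
    if (r == 42)
        puts("stack page made executable: trampoline ran and returned 42");
    else if (r == -1)
        printf("mprotect() refused an executable stack page: %s\n", strerror(errno));
    else
        puts("no trampoline bytes for this CPU in the example");
    return 0;
}
```

Build with `cc -Wall -o tramp tramp.c` and run it; a result of -1 is the interesting case, since it is exactly what a libgcc that did not make this call would hit as a crash instead. Note that GCC on ELF platforms usually sidesteps the problem by marking any object that emits trampolines with an executable PT_GNU_STACK, which then forces the whole stack executable for the entire program; the per-page mprotect() approach Peter mentions keeps the rest of the stack non-executable.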

