realpath(3) et al
Peter Jeremy
PeterJeremy at optushome.com.au
Tue Aug 12 04:15:40 PDT 2003
On Tue, Aug 12, 2003 at 11:02:16AM +0200, Devon H. O'Dell wrote:
>Features such as a protected stack should, IMO, be implemented as soon as
>possible to keep FreeBSD heads-afloat right now in the security sense....
>OpenBSD has implemented this already and there are many patches for Linux to
>do the same... why don't we go ahead and shove some of this code into CVS?

By "protected" I presume you mean "non-executable". Whilst making the
stack non-executable is trivial, making the system still work isn't.
I believe the FreeBSD signal handling still relies on a signal
trampoline on the stack. Some ports also expect an executable stack
(most commonly lisp implementations).

Some years ago, I tried implementing a non-executable stack on a
Solaris box. Interleaf promptly stopped working so I had to undo the
change.

Peter