sacrificing performance for confusion

D. J. Bernstein djb at
Thu Jun 26 15:09:14 PDT 2003

> Using VMM protection to forbid code execution within the DATA, BSS, heap,
> and stack (if one can) mitigates against a common class of problems--

I don't believe you. Show me a real program that's (1) vulnerable if
data/bss/heap/stack are executable and (2) invulnerable otherwise.

Yes, attacks are often written to take advantage of executable stacks;
but, in every case I've investigated, the programs would still have been
vulnerable with non-executable stacks.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

More information about the freebsd-performance mailing list