sacrificing performance for confusion
D. J. Bernstein
djb at cr.yp.to
Thu Jun 26 20:06:02 PDT 2003
Chuck Swiger writes:
> However, I will also acknowledge that it may be the case that it may be
> possible for code to work around a non-executable stack
In every case that I've investigated, not only is it definitely possible
to seize control of the process with limited exec, it's actually fairly
easy. Maybe there are counterexamples, but you obviously don't know any.
(Note to certain people making fools of themselves: that's ``seize
control,'' not ``kill.'')
If disabling x bits becomes popular, attackers will start working around
it, and we'll be back to where we are today. We need to stop the buffer
overflows (and other problems) from occurring in the first place.
Anyway, it seems unlikely that you believe that stack-x data-non-x makes
life any more difficult for the attacker than stack-x data-x; and you
obviously think that stack-non-x data-non-x would be the best situation.
So why do you object to merging the stack and data segments?
---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
More information about the freebsd-performance