Subject: Re: signal trampoline implementation choices
To: Emmanuel Dreyfus <firstname.lastname@example.org>
From: Klaus Klein <email@example.com>
Date: 04/22/2002 23:44:01
firstname.lastname@example.org (Emmanuel Dreyfus) writes:
> > Yah, but with the signal trampoline moved off the stack, you could set
> > individual programs to run without an executable stack, which would be
> > a huge security win -- huge. We should do it.
> But the drawback of their method is that the signal trampoline is given
> by libc.
> Today, if you change the sigreturn interface, you can change the signal
> trampoline too in the kernel, and you will have binary compatibility. If
> the signal trampoline is in libc, then version x of libc only works with
> version y of the kernel.
However, when you register a signal trampoline with the kernel, you
can also pass a version number along as one of its attributes, and let
the kernel choose the interface based on that. Subsequently, you can
configure your kernels to support previous trampoline interfaces
as a part of COMPAT_nn.
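
The versioned registration described in this message, modelled as an added example (not code from the original post or from NetBSD). All names here (register_tramp, COMPAT_TRAMP_V1, the two frame layouts) are hypothetical; the version stored at registration selects both the frame layout built at delivery and the decoder used at sigreturn.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Toy user-space model, not kernel code: every name below is hypothetical. */
#define COMPAT_TRAMP_V1 1      /* stands in for a COMPAT_nn kernel option */

struct ctx { unsigned long pc, sp; unsigned mask; };    /* saved state */

/* The frame handed to the trampoline differs per interface version. */
struct frame_v1 { unsigned long pc, sp; unsigned mask; };
struct frame_v2 { unsigned mask, flags; unsigned long sp, pc; };
union frame { struct frame_v1 v1; struct frame_v2 v2; };
struct sigreg { const void *tramp; int vers; };         /* per-signal state */

/* Registration: the version travels with the trampoline address. */
int register_tramp(struct sigreg *r, const void *tramp, int vers)
{
    int ok = (vers == 2) || (vers == 1 && COMPAT_TRAMP_V1);
    if (tramp == NULL || !ok)
        return EINVAL;         /* unknown or compiled-out interface */
    r->tramp = tramp;
    r->vers = vers;
    return 0;
}

/* Delivery: build the frame layout the registered trampoline expects. */
void deliver(const struct sigreg *r, const struct ctx *c, union frame *f)
{
    memset(f, 0, sizeof(*f));
    if (r->vers == 1) f->v1 = (struct frame_v1){ c->pc, c->sp, c->mask };
    else              f->v2 = (struct frame_v2){ c->mask, 0, c->sp, c->pc };
}

/* sigreturn: decode the frame with the version it was built for. */
void sigreturn_model(const struct sigreg *r, const union frame *f, struct ctx *c)
{
    if (r->vers == 1) *c = (struct ctx){ f->v1.pc, f->v1.sp, f->v1.mask };
    else              *c = (struct ctx){ f->v2.pc, f->v2.sp, f->v2.mask };
}

int main(void)
{
    static const char fake_tramp[4];   /* constructed stand-in for libc's trampoline */
    struct sigreg r; union frame f; struct ctx in = { 0x1000, 0x7ff0, 5 }, out;
    if (register_tramp(&r, fake_tramp, 1) != 0) return 1;
    deliver(&r, &in, &f); sigreturn_model(&r, &f, &out);
    printf("v1 round trip: pc=%#lx sp=%#lx mask=%u\n", out.pc, out.sp, out.mask);
    return register_tramp(&r, fake_tramp, 3) == EINVAL ? 0 : 1;
}
```

Setting COMPAT_TRAMP_V1 to 0 in this model makes a version 1 registration fail with EINVAL, which corresponds to a kernel built without the compatibility option.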