Subject: Re: 2.0RC4: defeating non-exec stack
To: None <>
From: Christos Zoulas <>
List: tech-kern
Date: 11/08/2004 23:24:12
In article <>,
 <> wrote:
>>At $DAYJOB, I'm working with a box with a "hardware" (firmware, really)
>>RAID array a bit over 1TB.  1.6.2 can't handle that; 2.0_RC4 (the most
>>recent i386 kernel I found on can.
>>So I was booting the 2.0_RC4 kernel with a fully 1.6.2 userland.  And
>>one of my tools started coredumping on me.  On investigation, this
>>proves to happen exactly when it tries to enter the stack trampoline
>>that implements a nested function.
>>Now, I think I understand why non-executable stack is seen as a good
>>thing.  And presumably the 2.0RC4 compiler does whatever tapdancing is
>>necessary to make nested functions work.  But this breaking of backward
>>compatability is a problem.  How do I disable this misfeature so I can
>>run my 1.6.2 executables?  I did a little sysctl -a | grep searching
>>and found nothing; perhaps I just didn't try the right grep pattern -
>>or perhaps it's that I was using the 1.6.2 sysctl, though a machine I
>>can get a shell on running 2.0_BETA didn't have anything
>>helpful-looking in its sysctl -a output.
>>Note that I don't have a 2.0 build environment, so anything that
>>involves recompiling (eg) the kernel is not workable.  The kernel is
>>the GENERIC_DIAGNOSTIC kernel from
>>/pub/NetBSD-daily/netbsd-2-0/200410160000/i386 on
>	COMPAT_16?  see src/UPDATING 20030906.

That is different I think. The note you mention allows the in-kernel
pre-siginfo signal trampoline code to work. COMPAT_16 is on by
default on 2.0_RC4 so that should not be it. Maybe edit exec_subr.c
and add PROT_EXEC to exec_setup_stack()?