Subject: Re: 2.0RC4: defeating non-exec stack
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 11/08/2004 23:24:12
In article <20041108230757.34D151C05E@coconut.itojun.org>,
>>At $DAYJOB, I'm working with a box with a "hardware" (firmware, really)
>>RAID array a bit over 1TB. 1.6.2 can't handle that; 2.0_RC4 (the most
>>recent i386 kernel I found on ftp.netbsd.org) can.
>>
>>So I was booting the 2.0_RC4 kernel with a fully 1.6.2 userland. And
>>one of my tools started coredumping on me. On investigation, this
>>proves to happen exactly when it tries to enter the stack trampoline
>>that implements a nested function.
>>
>>Now, I think I understand why non-executable stack is seen as a good
>>thing. And presumably the 2.0RC4 compiler does whatever tapdancing is
>>necessary to make nested functions work. But this breaking of backward
>>compatibility is a problem. How do I disable this misfeature so I can
>>run my 1.6.2 executables? I did a little sysctl -a | grep searching
>>and found nothing; perhaps I just didn't try the right grep pattern -
>>or perhaps it's that I was using the 1.6.2 sysctl, though a machine I
>>can get a shell on running 2.0_BETA didn't have anything
>>helpful-looking in its sysctl -a output.
>>
>>Note that I don't have a 2.0 build environment, so anything that
>>involves recompiling (e.g.) the kernel is not workable. The kernel is
>>the GENERIC_DIAGNOSTIC kernel from
>>/pub/NetBSD-daily/netbsd-2-0/200410160000/i386 on ftp.netbsd.org.
> COMPAT_16? see src/UPDATING 20030906.
That is different I think. The note you mention allows the in-kernel
pre-siginfo signal trampoline code to work. COMPAT_16 is on by
default on 2.0_RC4 so that should not be it. Maybe edit exec_subr.c
and add PROT_EXEC to exec_setup_stack()?
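Added example, not from this thread: the GCC nested-function construct whose stack trampoline is what faults on a non-executable stack, beside a rewrite that passes the captured value through an explicit context argument and so runs without an executable stack. The nested variant is compiled only under GCC (other compilers fall back to the portable form); the data and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Applies cb to every element of v and returns the sum of the results;
 * ctx is passed through untouched so the callback can carry state. */
static int map_sum(const int *v, size_t n, int (*cb)(int, void *), void *ctx)
{
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += cb(v[i], ctx);
    return total;
}

/* Portable form: the captured value travels in an explicit context
 * argument, so nothing has to be generated on the stack at run time. */
struct bias_ctx { int bias; };

static int add_bias_cb(int x, void *ctx)
{
    return x + ((struct bias_ctx *)ctx)->bias;
}

int sum_with_context(const int *v, size_t n, int bias)
{
    struct bias_ctx ctx = { bias };
    return map_sum(v, n, add_bias_cb, &ctx);
}

#if defined(__GNUC__) && !defined(__clang__)
/* GCC nested-function form: add_bias reads `bias` from the enclosing frame
 * and its address escapes into map_sum, so GCC writes a small trampoline
 * onto the stack and hands out a pointer to it. Calling through that
 * pointer executes stack memory, the entry that a non-executable stack
 * turns into a fault. GCC marks such objects as needing an executable stack. */
int sum_with_nested(const int *v, size_t n, int bias)
{
    int add_bias(int x, void *unused) { (void)unused; return x + bias; }
    return map_sum(v, n, add_bias, NULL);
}
#else
/* Other compilers lack nested functions; fall back to the portable form. */
int sum_with_nested(const int *v, size_t n, int bias)
{
    return sum_with_context(v, n, bias);
}
#endif

int main(void)
{
    const int v[] = { 1, 2, 3, 4 };   /* constructed sample input */
    printf("context: %d\n", sum_with_context(v, 4, 1));
    printf("nested:  %d\n", sum_with_nested(v, 4, 1));
    return 0;
}
```

Inspecting the linked binary's stack segment flags (for example with readelf on ELF systems) shows which of the two forms forces the executable-stack request.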