Subject: Re: Code on stack (Re: exploit with memcpy())
To: Ignatios Souvatzis <>
From: Jason R Thorpe <>
List: tech-userlevel
Date: 07/04/2002 09:31:50
On Thu, Jul 04, 2002 at 10:54:04AM +0200, Ignatios Souvatzis wrote:

 > The procedure that seems appropriate is to have some flag in the executable
 > that tells the exec() call to turn stack executability on. The toolchain would
 > create it, if necessary. (If the sysadmin hasn't {switched of, compiled out of
 > the kernel} support of this.).

You don't even need to do this.

The compiler emits code to sync the I-cache after the trampoline is spit
out onto the stack.

We could change the "sync the I-cache" code to also make a call to

Then, when the pmap is invoked to make the protection change, it could
enable execution on the stack if the page being marked for execution is
a stack page.

        -- Jason R. Thorpe <>