Subject: Re: Code on stack (Re: exploit with memcpy())
To: None <email@example.com>
From: David Laight <firstname.lastname@example.org>
Date: 07/04/2002 17:56:32
> The compiler emits code to sync the I-cache after the trampoline is spit
> out onto the stack.
> We could change the "sync the I-cache" code to also make a call to
> mprotect(..., PROT_READ|PROT_WRITE|PROT_EXEC).
> Then, when the pmap is invoked to make the protection change, it could
> enable execution on the stack if the page being marked for execution is
> a stack page.
ISTM that someone's 'little trick' of generating an on-stack
trampoline has got rather out of control!
The cost of the I-cache sync must surely overwhelm any instruction
count benefit of the trampoline?
Since code is required in libc, it might as well be the stack tidy.
Or have I missed something again :-(
David Laight: email@example.com
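The proposal quoted above ends with stack pages that carry PROT_EXEC, which is exactly the property an auditor of a running process wants to be able to see. The following is an added example written for this page, not code from the thread, NetBSD, or any compiler: it parses /proc/PID/maps text in the Linux format (an assumption; NetBSD's procfs layout differs) and reports whether any mapping tagged [stack] is executable. The two sample maps dumps are constructed to show a conventional non-executable stack and the same layout after an mprotect(..., PROT_READ|PROT_WRITE|PROT_EXEC) on the stack.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the mailing-list thread. Assumes the Linux
 * /proc/<pid>/maps line format: "start-end perms offset dev inode [path]".
 * Returns 1 if any mapping tagged [stack] carries PROT_EXEC, 0 if [stack]
 * mappings exist but none is executable, and -1 if no [stack] line is present.
 * Checking every [stack] line matters because mprotect() on a single page
 * splits the original mapping into several lines with the same tag. */
int stack_is_executable(const char *maps_text)
{
    const char *line = maps_text;
    int found = 0;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        char range[64], perms[8], path[256];
        path[0] = '\0';                       /* path field may be absent */
        int n = sscanf(buf, "%63s %7s %*s %*s %*s %255s", range, perms, path);
        if (n >= 2 && strcmp(path, "[stack]") == 0) {
            found = 1;
            if (strlen(perms) >= 3 && perms[2] == 'x')
                return 1;                     /* executable stack page seen */
        }
        line = eol ? eol + 1 : NULL;
    }
    return found ? 0 : -1;
}

/* Live check on the calling process; returns -1 where /proc is unavailable. */
int self_stack_is_executable(void)
{
    static char text[65536];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    size_t got = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[got] = '\0';
    return stack_is_executable(text);
}

/* Constructed sample: a conventional, non-executable stack (rw-p). */
static const char SAMPLE_NX_STACK[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/a.out\n"
    "7ffd1000-7ffd3000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd3000-7ffd4000 r-xp 00000000 00:00 0 [vdso]\n";

/* Constructed sample: the same layout after one stack page was granted
 * PROT_READ|PROT_WRITE|PROT_EXEC, splitting the [stack] mapping in two. */
static const char SAMPLE_X_STACK[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/a.out\n"
    "7ffd1000-7ffd2000 rw-p 00000000 00:00 0 [stack]\n"
    "7ffd2000-7ffd3000 rwxp 00000000 00:00 0 [stack]\n";

int main(void)
{
    printf("constructed nx stack: %d\n", stack_is_executable(SAMPLE_NX_STACK));
    printf("constructed x stack:  %d\n", stack_is_executable(SAMPLE_X_STACK));
    printf("this process:         %d\n", self_stack_is_executable());
    return 0;
}
```

The live check is only meaningful on a system that exposes /proc/self/maps; elsewhere it returns -1 and the parser can still be run over a maps dump captured from the target host.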