Subject: Re: non executable stack
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Chuck Silvers <chuq@chuq.com>
List: tech-kern
Date: 02/02/2003 13:33:04
hi,

a while back I started on updating all the pmaps to support VM_PROT_EXEC
(at least, as much as the hardware allows). I've put the code for the last
version that I had working at

ftp://ftp.netbsd.org/pub/NetBSD/misc/chs/noexec/diff.20021123

there's support for alpha, sparc (sun4m), and x86 (stack only, from frank).

some of the non-pmap code in that diff is bogus, it contains a couple hacks
to allow things to work even though there are other changes needed.
basically, the pmap parts are what I want to share, but you need the
rest to have a system that works at all. if anyone else wants to run
with this, that'd be great.

-Chuck

On Sun, Feb 02, 2003 at 07:16:36PM +0100, Emmanuel Dreyfus wrote:
> Hi all
>
> Where are we exactly with respect to non executable stack? Jason
> switched our signal implementation to a libc version, thus removing the
> need at this level.
> As far as I understand the problem, we have the following problems:
> - COMPAT_* binaries need executable stacks, we will never be able to fix
> that, but at least we can try to do non executable stacks for our
> native binaries
>
> - C++ code needs to execute the stack. Is there a way of dealing with
> that?
> - i386 is unable to have a non executable page which is writable.
>
> The C++ issue is only for userland processes, we have no C++ in the
> kernel. What would prevent us from having non executable heap and stacks
> for kernel space on non i386 CPUs?
>
> And for userland processes, do we have some plans?
>
> --
> Emmanuel Dreyfus.
> Microsoft is not the answer, Microsoft is the question.
> "No, thank you" is the answer.
> manu@netbsd.org