> Yah, but with the signal trampoline moved off the stack, you could set
> individual programs to run without an executable stack, which would be
> a huge security win -- huge. We should do it.

But the drawback of their method is that the signal trampoline is given
by libc.

Today, if you change sigreturn interface, you can chagne the signal
trampoline too in the kernel, and you will have binary compatibility. If
the signal trampoline is in libc, then version x of libc only works with
version y of the kernel.

But maybe we have a way of copying it from the kernel to the user
process, but outside the stack?=20


--=20
Emmanuel Dreyfus.                                        manu@netbsd.org
X Window, c'est un millefeuille avec une couche de cr=E8me patissi=E8re, un=
e
de ketchup, et une d'anchois. Faut aimer. Mais c'est vrai que c'est un=20
systeme ouvert: on peut ajouter des pepites de chocolat et des c=E2pres