Subject: Re: read {write,only} stack
To: None <current-users@NetBSD.ORG>
From: Carl S Shapiro <cshapiro@sparky.ic.sunysb.edu>
List: current-users
Date: 08/20/1997 04:12:46
> For the i386 architecture there was some linux hacks that would stop
> the stack being executable - dunno how portable they would be, if at
> all. You need to be careful about doing this though as the changes
> are more than just a kernel hack. IIRC gcc relies on an executable
> stack for some of it's trampoline code which means that some things
> could break with a non-executable stack. The up side is that it does
> provide a convenient method of preventing the fixed-buffer overrun type
> exploits that are currently fashionable in the cracker community.
I am suprised that Linux is able to make the stack non-executable despite
it's heavly reliance on trampoline code. Whatever these hacks are, they
must be really (really really) ugly.
By frobbing something during boot time under Solaris one can frob something
with adb to prevent the stack from being executable... this supposedly
works on all of Solaris 2's supported architectures. It would be really cool
if it was this easy for NetBSD.
Does anyone know how much of NetBSD relies on trampoline code (does any part
of NetBSD rely on trampoline code for that matter)?
Carl