Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: 2nd Linux kernel patch to remove stack exec
From: solar () SUN1 IDEAL RU (Solar Designer)
Date: Sun, 13 Apr 1997 17:43:04 -0300


Hello.

Objective C uses trampolines, also.  GNU libc 2.0 uses trampolines ...

It's not really a problem -- everything should run just fine with my patch.
However, the patch will not prevent buffer overflow exploits for those
programs that use trampolines.

This means that as long as libc5 is being used, most (if not all) privileged
processes will have stack execution permission disabled. :)

As for glibc, maybe it is time to change it not to use trampolines?

Admited trampolines are a stupid idea because their performance sucks
on many architectures.

AFAIK, they will cause some overhead for maintaining L1 code and data caches
coherency, since the stack frame is usually in the data cache -- resulting in
bad performance.

Signed,
Solar Designer



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]