Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Solaris 2.6 non-executable stacks
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 16 Jun 1998 12:21:41 +0200


On Fri, 12 Jun 1998, Dax Kelson wrote:
A new feature in Solaris 2.6 is the ability to turn off executable stacks.
[...]
Does anyone know how secure this implementation is?

More importantly, does anyone know whether this breaks anything, like
early versions of Solar Designer's Linux patch did?


The "protect_stack" script which implements this feature for 2.5[.1] does
break JIT compilers for Java as it also protects all BSS pages.

The 2.6 feature probably breaks gcc nested functions (when passed as
arguments) and perhaps gcc objective C as both generate code on the
stack.

But I've heard no breakage reports on any major program; all reports I
heard on protect_stack had to do with the data segment protection change.
(Basically, I had no choice but to protect all ZFOD pages)

The 2.6 feature is only supported on Ultra class and sun4m/sun4d systems;
not on others, not en x86 either. I don't think x86 hardware supports the
per-page protection bit required; you can only do it per-segment; this
makes it impossible for programs to use mprotect() on the stack to get
execute permission back.

The 64 bit SPARC V9 ABI has removed the requirement for the stack to
be executable; so the stack is not executable for 64 bit processes
in Solaris 2.7.

Casper



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault