Re: OS stopping stack buffer overflow exploits

From: Khimenko Victor (khim@sch57.msk.ru)
Date: Sun Jun 04 2000 - 11:46:42 EST


In <20000604120610.E18912@nightmaster.csn.tu-chemnitz.de> Ingo Oeser (ingo.oeser@informatik.tu-chemnitz.de) wrote:
> On Sun, Jun 04, 2000 at 05:07:35AM -0400, Jeff Garzik wrote:
>> > Could you please show a daily example of any *need* for
>> > trampolines? I mean code, which could only be implemented
>> > (efficiently) via trampolines.
>> >
>> > I never saw one generated by GCC and never wrote an explicit one
>> > by myself. So for what important piece of code do we need it and
>> > can't code it without trampolines?
>>
>> A commercial Java compiler (the fastest one on the market AFAIK) uses
>> them, and IIRC Gnu Ada uses some features which are unfriendly to the
>> OS attempting to stop stack overflow exploits across the board.

> No code shown either.

Huh? Perhaps because the need for trampolines for Ada/Pascal/Java is SO obvious
that no one imagined that here at lkml there could be even one person who would
SERIOUSLY think they are not needed???

> And no reason deployed, why we couldn't code this without trampolines in
> the old threads.

We can. Of course we can. Just add one additional parameter to each and
every procedure pointer. And make void* 64 bit instead of 32 bit (since a
procedure pointer must be castable to void*). Do you like it? Or add some
checks to each and every call of a procedure via a pointer. So it'll slow down
EVERY non-direct call in EVERY program. Do you think it's the right solution?
Hmmm...

>> In any case, this thread has been beaten to death. Maybe we should all
>> just re-read the old threads? :)

> I've followed these threads and got no answer. I only saw
> comments like "it is _really_ needed, because XXX uses it." But
> never saw _any_ code, which will perform much worse without them.

Are you REALLY that stupid? Why do you need code on lkml if it's described
pretty well in GCC's manual already?

> I only know that there exists code which uses it, but have never
> been able to understand the reasoning behind doing it that way.

Then perhaps you have just never used any languages besides C and C++?

> So I still wait for a beating performance argument (factor or
> order of magnitude) ;-)

Oh. It's not a factor of magnitude. It's a mere few percent. For each and every
place where a non-direct procedure call is used, and NOT only for places where
trampolines are now used. Do you think kernel developers will like it?


This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:19 EST
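
The trampoline-free alternative described in the reply above (one extra parameter on every procedure pointer, which then no longer fits in a void*), sketched in C as an added example that is not part of the original message; all names are hypothetical. It needs no executable stack, and it shows the cost the reply points to: every indirect call carries the extra argument, including calls to procedures that are not nested.

```c
#include <stddef.h>
#include <stdio.h>

/* "Fat" procedure pointer: code address plus a pointer to the enclosing
 * frame (the extra parameter). Hypothetical layout for illustration. */
struct closure {
    int (*code)(void *env, int x);
    void *env;
};

/* Variables of the enclosing procedure that the nested procedure reads. */
struct outer_frame { int offset; };

/* Body of the "nested" procedure: reaches the outer variable through env. */
static int add_offset(void *env, int x)
{
    const struct outer_frame *f = env;
    return x + f->offset;
}

/* Ordinary top-level procedure: still has to accept (and ignore) env. */
static int twice(void *env, int x) { (void)env; return 2 * x; }

/* Every indirect call passes env, nested callee or not. */
static int apply_sum(struct closure cb, const int *v, size_t n)
{
    int sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += cb.code(cb.env, v[i]);
    return sum;
}

static const int sample[] = { 1, 2, 3 };   /* constructed sample input */

int outer(int offset)
{
    struct outer_frame frame = { offset };          /* lives on the stack as data only */
    struct closure cb = { add_offset, &frame };     /* no code is written to the stack */
    return apply_sum(cb, sample, 3);
}

int plain(void)
{
    struct closure cb = { twice, NULL };
    return apply_sum(cb, sample, 3);
}

/* Nonzero when the fat pointer cannot be stored in a single void*. */
int closure_wider_than_voidp(void) { return sizeof(struct closure) > sizeof(void *); }

int main(void)
{
    printf("%d %d %d\n", outer(10), plain(), closure_wider_than_voidp());
    return 0;
}
```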