Re: Non-Exec stack patches

[David Mosberger]

>>>>> On Wed, 24 Mar 2004 02:00:20 -0500, Jakub Jelinek <jakub@xxxxxxxxxx> said:

  Jakub> But I think we should change the toolchain and generate it on
  Jakub> IA64 and PPC64 as well (only GCC would need changing,
  Jakub> emitting .section .note.GNU-stack,"",@progbits at the end of
  Jakub> every compile unit, ld takes care of the rest) exactly for
  Jakub> uniformity's sake and because you get ld.so handling free.

I'm not following you on the "get ld.so handling free" part.  How is
that handling free?

  Jakub> GLIBC dynamic linker will take care of making the stack
  Jakub> executable if say a binary which doesn't need executable
  Jakub> stack depends on a shared library which needs executable
  Jakub> stack or even dlopens a library which needs executable stack.

Actually, that's something that worries me.  Somebody just needs to
succeed in loading any shared object with the right PT_GNU_STACK
header and then the entire program will be exposed to the risk of a
writable stack.  On ia64, I just don't see any need to ever implicitly
turn on execute-permission on the stack, so why allow this extra
backdoor?

	--david
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/