Re: Non-Exec stack patches

From: David Mosberger
Date: Wed Mar 24 2004 - 12:13:57 EST


>>>>> On Wed, 24 Mar 2004 08:29:24 -0800, John Reiser <jreiser@xxxxxxxxxxxx> said:

Jakub> but it is still possible some language interpreter or
Jakub> something builds code on the fly on the stack).

David> That's why there is mprotect().

John> But mprotect() costs enough (hundreds of cycles) to be a
John> significant burden in some cases. Generating code to a stack
John> region that is inherently executable is inexpensive (even
John> allowing for restrictive alignment and avoiding I/D cache
John> conflicts), is thread safe, is async-signal safe, and takes
John> less work than other alternatives. Yes, the "black hats" do
John> this; so do the "white hats." Please do not increase the
John> minimum cost for applications that want generate-and-execute
John> on the stack at unpredictable high frequency.

Huh? Only one mprotect() call is needed to make the entire stack
executable.

--david
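
The single call described in the reply above, as an added example that is not part of the original message or of any patch in the thread: it makes one mprotect() call over the whole stack mapping and re-reads the permissions, which is also how an auditor can confirm whether a process ended up with an executable stack. The function names are hypothetical, and it assumes a Linux system whose /proc/self/maps labels the main-thread stack "[stack]".

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Parse one /proc/<pid>/maps line; returns 1 if it is the [stack] mapping. */
int parse_stack_line(const char *line, unsigned long *lo, unsigned long *hi,
                     char perms[5])
{
    if (!strstr(line, "[stack]"))
        return 0;
    return sscanf(line, "%lx-%lx %4s", lo, hi, perms) == 3;
}

/* Locate this process's main-thread stack mapping; 0 on success, -1 otherwise. */
int find_stack(unsigned long *lo, unsigned long *hi, char perms[5])
{
    char line[512];
    int rc = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (parse_stack_line(line, lo, hi, perms))
            rc = 0;
    fclose(f);
    return rc;
}

/* A single mprotect() over the whole stack mapping.
 * Returns 1 if the stack is executable afterwards, 0 if the kernel or a
 * security policy refused the change, -1 on any other failure. */
int make_stack_executable(void)
{
    unsigned long lo, hi;
    char perms[5];
    if (find_stack(&lo, &hi, perms) != 0)
        return -1;
    if (mprotect((void *)lo, hi - lo, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return (errno == EACCES || errno == EPERM) ? 0 : -1;
    if (find_stack(&lo, &hi, perms) != 0)
        return -1;
    return perms[2] == 'x';
}

int main(void)
{
    printf("stack executable after one mprotect(): %d\n", make_stack_executable());
    return 0;
}
```

A return value of 0 means the change was denied by policy, which is the outcome a hardened system is expected to produce.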