Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable

[David Daney]

On 08/05/2015 05:46 PM, Leonid Yegoshin wrote:
> On 08/05/2015 05:37 PM, David Daney wrote:
> > This just means that your userspace is broken.
> >
> > If GLibC cannot do the right thing then it should be fixed.
>
> Let's skip this until you explain how to create a fully
> non-executable-stack process.

Build almost any program with a gcc/glibc from a recent Cavium SDK 
toolchain.

Something like this:

  mips64-octeon-linux-gnu-gcc -o myprogram myprogram.c


> > You cannot change the default setting for executable stack just
> > because you have created a broken userspace.
>
> Please give me at least one example, one existing application which
> would suffer.

Anything compiled with gcj that uses java.lang.reflect.Method.invoke()

Anything that uses gcc nested functions.

Anything that uses libffi

Where an older toolchain that doesn't set PT_GNU_STACK was used.

> I remember that people already wrote here that this kind of apps (which
> is based on eXecutable stack and doesn't announce it in PT_GNU_STACK)
> need to be eliminated.
>
> > The ability of legacy userspace to continue functioning cannot be
> > sacrificed.
>
> Not at any price.
>
> However, this switch is a separate patch from others. It can be not
> applied or it can be applied, depending from prevailing mind - what is
> more significant, some (unknown) app or non-executable stack protection.
>
> - Leonid.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/