Re: 2nd Linux kernel patch to remove stack exec

Systemkennung Linux (linux@mailhost.uni-koblenz.de)
Mon, 14 Apr 1997 00:26:59 +0200 (MET DST)


Hi,

> It's not really a problem -- everything should run just fine with my patch.
> However, the patch will not prevent buffer overflow exploits for those
> programs that use trampolines.
>
> This means that as long as libc5 is being used, most (if not all) privileged
> processes will have stack execution permission disabled. :)
>
> As for glibc, maybe it is time to change it not to use trampolines?

A patch which does this should now be in the glibc 2.1 development source.

> > Admitted trampolines are a stupid idea because their performance sucks
> > on many architectures.
>
> AFAIK, they will cause some overhead for maintaining L1 code and data cache
> coherency, since the stack frame is usually in the data cache -- resulting in
> bad performance.

We're talking about some hundred cycles or more ...

Ralf