Re: [Announcement] "Exec Shield", new Linux security feature

Andi Kleen (ak@suse.de)
Fri, 2 May 2003 23:07:58 +0200


On Fri, May 02, 2003 at 01:56:44PM -0700, H. Peter Anvin wrote:
> Andi Kleen wrote:
> >>
> >>x86-64 definitely does, and it's the default on Linux/x86-64.
> >
> > No we had to turn it off and now it's too late to turn it back on again.
> > There is also one bug left that prevents it.
> >
>
> Why is that? And, in particular, why is it "too late to turn it back

mprotect() didn't (and probably still does not) work when you change
PROT_EXEC.

> on"? It seems as long as it's clearly defined as the ABI that change
> can be made later, effectively as a bug fix.

The ABI leaves it undefined. But it does break binaries.

Also gcc needs to be fixed for trampolines (I had some code that enabled
the stack exec in there, but it didn't work because of the mprotect
issues)

-Andi
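
Added example, not part of the original message and not kernel or gcc code: a small C check for the behaviour discussed above, namely whether a PROT_EXEC change requested through mprotect() is actually recorded for a mapping. It assumes Linux with /proc mounted; the function names are hypothetical, and the check reads the kernel's bookkeeping in /proc/self/maps, which by itself does not prove hardware enforcement.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Copy the permission field (e.g. "rw-p") of the mapping that contains addr.
 * Returns 0 on success, -1 if /proc/self/maps is unreadable or has no match. */
static int perms_at(const void *addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[1024];
    unsigned long start, end, a = (unsigned long)(uintptr_t)addr;
    int found = -1;

    if (!f)
        return -1;
    while (found != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            start <= a && a < end)
            found = 0;
    fclose(f);
    return found;
}

/* Returns 1 if adding and then removing PROT_EXEC with mprotect() is reflected
 * in the mapping's flags, 0 if a change was refused or ignored, -1 if the
 * test page could not be mapped. */
int exec_toggle_honored(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char p[5];
    void *m = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    /* A fresh read/write page must not be executable to begin with. */
    int ok = perms_at(m, p) == 0 && p[2] == '-';
    ok = ok && mprotect(m, pg, PROT_READ | PROT_EXEC) == 0 &&
         perms_at(m, p) == 0 && p[2] == 'x';
    ok = ok && mprotect(m, pg, PROT_READ) == 0 &&
         perms_at(m, p) == 0 && p[2] == '-';
    munmap(m, pg);
    return ok;
}

int main(void)
{
    printf("PROT_EXEC toggle honored: %d\n", exec_toggle_honored());
    return 0;
}
```

A result of 0 on the first step (a fresh read/write page already shown as executable) would indicate that readable mappings are implicitly executable for the process.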