[14718] in bugtraq
Re: Solaris 7 x86 lpset exploit.
daemon@ATHENA.MIT.EDU (Darren Moffat - Solaris Sustaining)
Fri Apr 28 18:44:48 2000
Mime-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-Md5: 5Vx3R+wu7j4sG+s7cl6K3A==
Message-Id: <200004280912.KAA24061@otis.UK.Sun.COM>
Date: Fri, 28 Apr 2000 10:12:46 +0100
Reply-To: Darren Moffat - Solaris Sustaining Engineering <Darren.Moffat@UK.Sun.COM>
From: Darren Moffat - Solaris Sustaining Engineering <Darren.Moffat@UK.SUN.COM>
X-To: jpm@class.de
To: BUGTRAQ@SECURITYFOCUS.COM
>on all solaris/sparc app's i have used so far, there is a reason,
>why SUN does enable stack execution by default, if i am correctly
>informed this is due to some fortran or rare/old compiler issue,
>and might break some fortran or other alien language code...
Correct, some lisp and Objective C compilers use trampolineing as part
of their compiler/interpreter mechanism this relies on executing code
sitting on the stack.
The most important reason is that SPARCv{7,8} ABI requires the
stack to be executable so chaining it would mean Solaris was no
longer compliant with the SPARC ABI.
SPARCv9 ABI has the stack non-executable so 64bit programs already
have a nonexec_user_stack style of protection. Note that you need
the Sun Workshop C compiler 5.0 or above to generate 64bit binaries.
--
Darren J Moffat
