[16720] in bugtraq
Re: machine independent protection from stack-smashing attack
daemon@ATHENA.MIT.EDU (Jan Echternach)
Mon Sep 11 20:28:36 2000
Message-ID: <20000911221655.A10404@hokkaido.informatik.uni-rostock.de>
Date: Mon, 11 Sep 2000 22:16:55 +0200
Reply-To: Jan Echternach <jan.echternach@informatik.uni-rostock.de>
From: Jan Echternach <echter@informatik.uni-rostock.de>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <NEBBKKLHLKDPHIKBMCGDCENBCAAA.ycharnot@identikey.com>; from
ycharnot@IDENTIKEY.COM on Mon, Sep 11, 2000 at 09:55:35AM +0400

On Mon, Sep 11, 2000 at 09:55:35AM +0400, Yarrow Charnot wrote:
> > > Microsoft purposely doesn't allow pages to be non-executable,

Microsoft didn't really have a choice. i386 hardware doesn't support
readable, but non-executable pages.

> In other words, if the attribute READ is set, the page is automatically made
> EXECUTABLE. If you trace NT and 9X kernels up to the point where they set

Same with Linux/i386, for instance.

> (NON-EXECUTABLE) on purpose. What purpose? Who on Earth would want to keep
> your data segments executable??? If you want to make it executable, one call

Segment based protections on i386 are a different thing. I think you
could emulate a flat memory model with non-executable pages by mapping
data and code segments to different linear addresses, but that would
halve the available virtual memory and impose a performance penalty.

--
Jan
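
The point made in the message above, as an added example that is not part of the original post: a toy model of the i386 page-table permission bits, showing that a readable data page is also fetchable in a flat model, and that splitting code and data segments across different linear addresses blocks the fetch at the cost of half the address space. The 16-page address space, page-granular segments and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of a 32-bit (non-PAE) i386 page-table entry; none means "execute". */
#define PTE_P  0x1u /* present */
#define PTE_RW 0x2u /* writable */
#define PTE_US 0x4u /* user-accessible */

#define NPAGES 16u           /* constructed toy linear address space, in pages */
#define HALF   (NPAGES / 2u)

enum access { ACC_READ, ACC_WRITE, ACC_FETCH };
struct segment { uint32_t base, limit; }; /* in pages, simplified */

static uint32_t page_table[NPAGES];       /* 0 = not present */

/* Flat model: CS and DS alias the same linear pages. */
static const struct segment flat = { 0, NPAGES };
/* Split model: CS covers the lower half, DS the upper half. */
static const struct segment split_cs = { 0, HALF }, split_ds = { HALF, HALF };

/* User-mode page check: ACC_FETCH has no bit of its own, so it passes
 * on exactly the pages where ACC_READ passes. */
bool page_allows(uint32_t pte, enum access a)
{
    if (!(pte & PTE_P) || !(pte & PTE_US)) return false;
    return a != ACC_WRITE || (pte & PTE_RW);
}

/* Segment limit check, then linear = base + offset, then the page check. */
bool seg_access(struct segment s, uint32_t off, enum access a)
{
    return off < s.limit && page_allows(page_table[s.base + off], a);
}

/* Map a writable user data page at offset `off` of data segment `ds`. */
void map_data(struct segment ds, uint32_t off)
{
    if (off < ds.limit) page_table[ds.base + off] = PTE_P | PTE_RW | PTE_US;
}

int main(void)
{
    map_data(flat, 3);     /* flat: data page at offset 3 */
    printf("flat  fetch@3: %d\n", seg_access(flat, 3, ACC_FETCH));
    map_data(split_ds, 5); /* split: data page at DS offset 5 */
    printf("split read@5:  %d\n", seg_access(split_ds, 5, ACC_READ));
    printf("split fetch@5: %d\n", seg_access(split_cs, 5, ACC_FETCH));
    printf("usable pages per segment: %u of %u\n", HALF, NPAGES);
    return 0;
}
```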