[31189] in bugtraq
Re: Buffer overflow prevention
daemon@ATHENA.MIT.EDU (Gerhard Strangar)
Thu Aug 14 17:29:05 2003
Message-Id: <200308142120.h7ELJxam011526@postman.arcor.de>
Date: Thu, 14 Aug 2003 23:14:20 +0200
From: Gerhard Strangar <gerhard@brue.net>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms205F4D28F85B4DD3DCEB5E76"
--------------ms205F4D28F85B4DD3DCEB5E76
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Theo de Raadt wrote:
> W^X is more than just stack protection. It means that all pages that
> are writeable are also marked as not executable. At least, it means
> this is how the system by default operates, until some process asks
> for something that has both write and execute permission.
>
> On some architectures W^X is easy, since the native architecture has a
> execute-permitted bit per page (sparc, sparc64, alpha, hppa, m88k).
> On other architectures, it is difficult and various hacks have to be
> done to make it work (i386, powerpc).
It's not difficult at all on x86, but having non-overlapping Segments
for Code and Data/Stack would limit the virtual address space. This
doesn't matter if your machine is equipped with 2 GB (RAM+Pagefile) or
less, because all pages of those 2 GB can completely be mapped to linear
addresses in either the code or data/stack segment. As soon as there's
more memory available, you have to decide how large the code and
data/stack segment should be.
Adressing more than 4 GB on x86 is an ugly hack anyways -PSE as well as
PAE.
--
* Origin: (2:2480/8057.2)
--------------ms205F4D28F85B4DD3DCEB5E76
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIIFuAYJKoZIhvcNAQcCoIIFqTCCBaUCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
A1YwggNSMIICu6ADAgECAg5V9QAAAALgEwKXU12x8zANBgkqhkiG9w0BAQQFADCBvDELMAkG
A1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoT
MVRDIFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgxIjAg
BgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0BCQEWGmNlcnRp
ZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTAzMDExMDEyMzM1MFoXDTA0MDExMDEyMzM1MFow
STELMAkGA1UEBhMCREUxGTAXBgNVBAMTEEdlcmhhcmQgU3RyYW5nYXIxHzAdBgkqhkiG9w0B
CQEWEGdlcmhhcmRAYnJ1ZS5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMkhtzh2
tEwosDhpUDfDsKReDv42GK3AXn4rK5E2Vs3NwlX7xiM2qvAArY0HhtSeUo52m56CyCfEPZSN
Hri+G/dDch5Jcq4QBHuMm0kl4J6UZsK3hkNKcatHT3VIpe8EsgV6Ij2rgpsvFRAnT7wYgJ0q
5T/XuIdB9hsSAQCehgx7AgMBAAGjgcgwgcUwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMC
BeAwMwYJYIZIAYb4QgEIBCYWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5l
czARBglghkgBhvhCAQEEBAMCBaAwXQYJYIZIAYb4QgEDBFAWTmh0dHBzOi8vd3d3LnRydXN0
Y2VudGVyLmRlL2NnaS1iaW4vY2hlY2stcmV2LmNnaS81NUY1MDAwMDAwMDJFMDEzMDI5NzUz
NURCMUYzPzANBgkqhkiG9w0BAQQFAAOBgQCCOXasggxtiLBT4j9RRzhfKvMj9Bsvfs22pSTD
IsktyTN6L/fAEIsXsTJSkGsvEPBxLoRL9ScZ46nj1s24bVayubFehgqX15GNq7I8TkH5ey46
GWD8nJZmq6bq33hlM3cDBPPhlSECYXVNFTwCjdLhV0qB7Q2Nz736fBWnHWP2DjGCAiowggIm
AgEBMIHPMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVyZzEQMA4GA1UEBxMHSGFt
YnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9yIFNlY3VyaXR5IGluIERhdGEgTmV0
d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBDQTEpMCcGCSqG
SIb3DQEJARYaY2VydGlmaWNhdGVAdHJ1c3RjZW50ZXIuZGUCDlX1AAAAAuATApdTXbHzMAkG
BSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MDMwODE0MjExNDIwWjAjBgkqhkiG9w0BCQQxFgQUbBBzY5rQrs0qoXmpo0WCW8DkGfQwUgYJ
KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYI
KoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYCfp6ZPuEy8xtHG
tUf8X5LmKfVMHDCcF4QgXeQoAGPrsuc4KaXckMd2JX2V3I961KCwicvSe9cikAOB1eQ3nHL5
jot2lz6gUZZQEnv+cOBW+0HVZ4H43bPlC2cA57BiELN1wY178NW2AKoPkzLotEbp4zWeexNO
LIPmWedy3f21oA==
--------------ms205F4D28F85B4DD3DCEB5E76--
