Re: Executability of the stack

# grep maps /proc/self/maps
bfce8000-bfcfe000 rw-p bfce8000 00:00 0 [stack]

this shows that the *intent* is to have it non-executable.
Not all x86 processors can enforce this. All modern ones do.

Mine is quite recent:

# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 15
model name : Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
stepping : 6
cpu MHz : 1000.000
cache size : 4096 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 10
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm
constant_tsc up pni monitor ds_cpl vmx est tm2 cx16 xtpr lahf_lm
bogomips : 3996.23

the alternative (showing effective permission) is equally confusing;
apps would see permissions they didn't set...

Indeed, both are confusing (the other way is having permission that you
do not see). But which one is the most dangerous from a security point
of view? For me it is believing that you're protected while you're not.

Maybe it comes from sharing source code for 64 bits and 32 bits
architectures but if so, it should be possible (and highly desirable) to
treat 32 bits differently.

it's not a "32 bit" thing, it's an "older processors don't, newer ones
do" thing.

I've read that 64 bit processors have an execute bit at the page level
while 32 bit ones do not (only at the segment level). I didn't know that
newer 31 bit CPUs did have this bit.

Can you paste your /proc/cpuinfo file here ? Maybe you have a processor
with the capability but just haven't enabled it (either in the bios or
in the kernel config)

I'd be happy to know how to enable it.

Thanks for your help.
Franck
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: Can I use a round bobbin redirects in a shell ?
    ... >>> remember to cat the .baks back into the original files before doing it ... > Cat and not cp so as not to trash the file permissions. ... > I'd try to avoid making changes in a production environment at all. ... But how do you know that the backup is correct? ...
    (uk.comp.os.linux)
  • Re: cannot access folders & files
    ... You have share permissions and you have NTFS ... How can you enforce W2K to enforce this new rule? ... > folder. ... > all) even it have the full control. ...
    (microsoft.public.win2000.active_directory)
  • Re: Can I use a round bobbin redirects in a shell ?
    ... >> remember to cat the .baks back into the original files before doing it ... Cat and not cp so as not to trash the file permissions. ... I'd try to avoid making changes in a production environment at all. ... > result in copying the backup and repeating the edit, ...
    (uk.comp.os.linux)
  • Re: make PROT_WRITE imply PROT_READ
    ... However, if i write to it first and then read from it, i get no SEGV. ... By that logic we should be making PROT_READ imply PROT_EXEC because not all CPUs can enforce them separately, which makes no sense at all. ... i don't believe there is any issue with regards to permissions. ... Another consequenece of this patch is that it forces PROT_READ even for architectures that might be able to support it, but i think this is best for portability. ...
    (Linux-Kernel)
  • Re: Executability of the stack
    ... Not all x86 processors can enforce this. ... the "nx" shows that if you configure your kernel correctly ... permissions currently not hardware enforced permissions. ... mapping would change the visual mapping of other mappings. ...
    (Linux-Kernel)