Re: non-executable stack question



Is there a way to make non-executable the stack (or the heap) of a
process without patching the kernel?

On which platform?

On the original x86, there is no separate eXecute bit, so if the
memory is readable, it is also executable.

Cleverly lowering the segment limit for the %cs selector
to less than 0xfffff [1M] pages [@ 4KB] allows the kernel to
simulate some important aspects of "no-execute stack, no-execute
[most] .data." This takes advantage of the usual setup where
the addresses in a main program have the relationship
.text < .data < .bss < stack.
Note that shared libraries, which also need coverage by %cs,
historically lived between .bss and stack, so "no-execute .data"
could not be supported. However, some Linux distributions
now 'prelink' shared libraries to live below the usual .text
of most main programs, which increases the effectiveness of
lowering the segment limit on %cs. These ideas are a couple
of years old; Fedora Core 3 used them in Nov. 2004. Also,
see the manual page for the 'execstack' utility program,
and the PT_GNU_STACK Elf32_Phdr.p_type in <elf.h>.

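
The PT_GNU_STACK marking mentioned above can be read directly from a binary's program headers. This is an added example, not part of the original message: it parses a little-endian ELF32 image held in memory. The names gnu_stack_status, make_sample, GNU_STACK_TYPE and FLAG_X are hypothetical, and the sample image is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local copies of PT_GNU_STACK and PF_X from <elf.h>, so this builds anywhere. */
#define GNU_STACK_TYPE 0x6474e551u
#define FLAG_X         0x1u

static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Returns 1 = stack marked executable, 0 = marked non-executable,
 * 2 = no PT_GNU_STACK header, -1 = not a well-formed little-endian ELF32. */
int gnu_stack_status(const unsigned char *img, size_t len) {
    if (len < 52 || memcmp(img, "\177ELF", 4) != 0) return -1;
    if (img[4] != 1 || img[5] != 1) return -1;      /* ELFCLASS32, ELFDATA2LSB */
    uint32_t phoff = rd32(img + 28);                /* e_phoff */
    uint16_t entsz = rd16(img + 42), num = rd16(img + 44); /* e_phentsize, e_phnum */
    if (entsz < 32) return -1;                      /* smaller than Elf32_Phdr */
    for (uint16_t i = 0; i < num; i++) {
        uint64_t off = (uint64_t)phoff + (uint64_t)i * entsz;
        if (off + 32 > len) return -1;              /* header lies outside the image */
        const unsigned char *ph = img + off;
        if (rd32(ph) == GNU_STACK_TYPE)             /* p_type */
            return (rd32(ph + 24) & FLAG_X) ? 1 : 0; /* p_flags */
    }
    return 2;
}

/* Constructed sample: a 52-byte Elf32_Ehdr followed by one 32-byte Elf32_Phdr. */
size_t make_sample(unsigned char *buf, uint32_t p_type, uint32_t p_flags) {
    memset(buf, 0, 84);
    memcpy(buf, "\177ELF\1\1\1", 7);
    buf[28] = 52; buf[42] = 32; buf[44] = 1;        /* e_phoff, e_phentsize, e_phnum */
    for (int i = 0; i < 4; i++) {
        buf[52 + i] = (unsigned char)(p_type >> (8 * i));
        buf[52 + 24 + i] = (unsigned char)(p_flags >> (8 * i));
    }
    return 84;
}

int main(void) {
    unsigned char buf[84];
    printf("flags RW  -> %d\n", gnu_stack_status(buf, make_sample(buf, GNU_STACK_TYPE, 6)));
    printf("flags RWX -> %d\n", gnu_stack_status(buf, make_sample(buf, GNU_STACK_TYPE, 7)));
}
```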