From: Ingo Molnar <mingo@elte.hu>
To: Arjan van de Ven <arjan@infradead.org>
Cc: Andi Kleen <ak@suse.de>,
akpm@osdl.org, torvalds@osdl.org, linux-kernel@vger.kernel.org,
drepper@redhat.com
Subject: Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11
Date: Sun, 6 Feb 2005 13:25:07 +0100 [thread overview]
Message-ID: <20050206122507.GA30091@elte.hu> (raw)
In-Reply-To: <20050206120244.GA28061@elte.hu>
* Ingo Molnar <mingo@elte.hu> wrote:
> > > [...] when the program has trampolines and has PT_GNU_STACK
> > > header with an E bit on the stack it still won't get an executable
> > > heap by default (this is what broke grub)
> > So I rather see the patch below merged instead; it fixes the worst
> > problems (RWE not marking the heap executable) while keeping this
> > useful feature enabled.
> >
> > Signed-off-by: Arjan van de Ven <arjan@infradead.org>
>
> looks good.
>
> Signed-off-by: Ingo Molnar <mingo@elte.hu>
>
> (I'd like to stress that this problem only affects packages
> _recompiled_ with new gcc, running on NX capable CPUs - legacy apps or
> CPUs are in no way affected. Also, even with a recompile,
> apps/kernels/distros have a number of other options as well even
> without this kernel fix, of varying granularity: to use the setarch
> utility, to set the READ_IMPLIES_EXEC personality bit within the code,
> or to pass in the noexec=off kernel commandline option, or to add a
> oneliner patch to their heap of 1500+ kernel patches, or to fix the
> application. Also, with Arjan's patch applied, the execstack utility
> can be used to remark the binary permanently, if needed.)
another, purely userspace solution is to add an execstack.c flag that
clears the PT_GNU_STACK ELF program header and changes it to e.g.
PT_NULL. That makes it a 'legacy' binary for the purposes of the kernel.
Ingo
next prev parent reply other threads:[~2005-02-06 12:25 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-06 11:36 [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11 Andi Kleen
2005-02-06 11:47 ` Arjan van de Ven
2005-02-06 12:02 ` Ingo Molnar
2005-02-06 12:25 ` Ingo Molnar [this message]
2005-02-06 12:36 ` Andi Kleen
2005-02-06 12:45 ` Ingo Molnar
2005-02-06 12:50 ` Andi Kleen
2005-02-06 12:59 ` Arjan van de Ven
2005-02-06 13:01 ` Andi Kleen
2005-02-06 13:04 ` Arjan van de Ven
2005-02-06 13:09 ` Andi Kleen
2005-02-06 13:31 ` Ingo Molnar
2005-02-06 13:43 ` Andi Kleen
2005-02-06 13:06 ` Christoph Hellwig
2005-02-06 13:11 ` Andi Kleen
2005-02-06 13:32 ` Ingo Molnar
2005-02-06 13:46 ` Andi Kleen
2005-02-06 14:08 ` Ingo Molnar
2005-02-06 14:22 ` Ingo Molnar
2005-02-06 14:29 ` Andi Kleen
2005-02-06 17:08 ` Linus Torvalds
2005-02-06 17:13 ` Arjan van de Ven
2005-02-06 17:31 ` Linus Torvalds
2005-02-06 17:39 ` Arjan van de Ven
2005-02-06 18:04 ` Linus Torvalds
2005-02-06 18:08 ` Arjan van de Ven
2005-02-06 17:56 ` Andi Kleen
2005-02-06 12:33 ` Andi Kleen
2005-02-06 12:40 ` Arjan van de Ven
2005-02-06 12:48 ` Andi Kleen
2005-02-06 15:54 ` Andreas Schwab
2005-02-06 17:05 ` Linus Torvalds
2005-02-06 17:58 ` Andi Kleen
2005-02-06 12:11 ` Paweł Sikora
[not found] ` <200502061303.12377.pluto@pld-linux.org>
[not found] ` <20050206124701.GD30109@wotan.suse.de>
2005-02-06 18:07 ` Paweł Sikora
2005-02-06 18:38 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050206122507.GA30091@elte.hu \
--to=mingo@elte.hu \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=drepper@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.