* stack -> PROT_EXEC/why?
@ 2002-08-05 1:22 kkonaka
2002-08-05 11:10 ` Glynn Clements
0 siblings, 1 reply; 3+ messages in thread
From: kkonaka @ 2002-08-05 1:22 UTC (permalink / raw)
To: linux-c-programming
hi,
casually looking at files like this:
glibc-2.2.3/linuxthreads/manager.c
| res_addr = mmap(map_addr, stacksize + guardsize,
| PROT_READ | PROT_WRITE | PROT_EXEC,
| MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
it appears PROT_EXEC is also given to the per thread
stack(?) pages -- why is it the case? that is - if we
consider things like buffer overflow (security)
problems, isn't it better not give PROT_EXEC unless
abslutely necessary? [so -- maybe there *is* some
absolute necessity I'm not aware of,... :(]
(stepping back) is PROT_EXEC also given to ordinally
stack segment of single threaded programs? was there
any API to retrieve page protection bits given only
arbitrary VM addresses?
regards,
kenji
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: stack -> PROT_EXEC/why?
2002-08-05 1:22 stack -> PROT_EXEC/why? kkonaka
@ 2002-08-05 11:10 ` Glynn Clements
2002-08-05 14:21 ` kkonaka
0 siblings, 1 reply; 3+ messages in thread
From: Glynn Clements @ 2002-08-05 11:10 UTC (permalink / raw)
To: kkonaka; +Cc: linux-c-programming
kkonaka@mac.com wrote:
> casually looking at files like this:
> glibc-2.2.3/linuxthreads/manager.c
> | res_addr = mmap(map_addr, stacksize + guardsize,
> | PROT_READ | PROT_WRITE | PROT_EXEC,
> | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
> it appears PROT_EXEC is also given to the per thread
> stack(?) pages -- why is it the case?
>
> that is - if we
> consider things like buffer overflow (security)
> problems, isn't it better not give PROT_EXEC unless
> abslutely necessary? [so -- maybe there *is* some
> absolute necessity I'm not aware of,... :(]
It is sometimes necessary to execute dynamically generated code which
is placed on the stack. The most common cases are in handling signals,
in a technique called a "trampoline" (this is mentioned in the gcc
Info file), and some emulators (e.g. Executor, the Mac emulator).
> (stepping back) is PROT_EXEC also given to ordinally
> stack segment of single threaded programs?
Yes. There is a patch available to change this, but in the standard
kernel, the primary stack is executable.
> was there any API to retrieve page protection bits given only
> arbitrary VM addresses?
It isn't portable, but you can get this information from
/proc/<pid>/maps.
--
Glynn Clements <glynn.clements@virgin.net>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: stack -> PROT_EXEC/why?
2002-08-05 11:10 ` Glynn Clements
@ 2002-08-05 14:21 ` kkonaka
0 siblings, 0 replies; 3+ messages in thread
From: kkonaka @ 2002-08-05 14:21 UTC (permalink / raw)
To: glynn.clements; +Cc: linux-c-programming
> It is sometimes necessary to execute dynamically generated code which
> is placed on the stack. The most common cases are in handling signals,
> in a technique called a "trampoline" (this is mentioned in the gcc
> Info file), and some emulators (e.g. Executor, the Mac emulator).
thank you very much - this helps me a lot.
> Yes. There is a patch available to change this, but in the standard
> kernel, the primary stack is executable.
I'll try {locate/}take a look :)
> It isn't portable, but you can get this information from
> /proc/<pid>/maps.
tested with my mini-test program - serves the purpose fine :)
thanks again!
kenji
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2002-08-05 14:21 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-08-05 1:22 stack -> PROT_EXEC/why? kkonaka
2002-08-05 11:10 ` Glynn Clements
2002-08-05 14:21 ` kkonaka
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).