Re: 2nd Linux kernel patch to remove stack exec

[linux () MAILHOST UNI-KOBLENZ DE (Systemkennung Linux)]

Hi,

> It's not really a problem -- everything should run just fine with my patch.
> However, the patch will not prevent buffer overflow exploits for those
> programs that use trampolines.
>
> This means that as long as libc5 is being used, most (if not all) privileged
> processes will have stack execution permission disabled. :)
>
> As for glibc, maybe it is time to change it not to use trampolines?

A patch which does this should now be in the glibc 2.1 development source.

> > Admited trampolines are a stupid idea because their performance sucks
> > on many architectures.
>
> AFAIK, they will cause some overhead for maintaining L1 code and data caches
> coherency, since the stack frame is usually in the data cache -- resulting in
> bad performance.

We're talking about some hundred cycles or more ...

  Ralf