Bugtraq mailing list archives
Re: Solaris 7 x86 lpset exploit.
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Sat, 29 Apr 2000 12:24:44 -0400
> set noexec_user_stack = 1
> [...], there is a reason, why SUN does enable stack execution by default, if I am correctly informed this is due to some fortran or rare/old compiler issue, and might break some fortran or other alien language code...

It'll also break gcc's nested function support, since it's implemented with stack trampolines. (It doesn't *have* to be; in principle function pointers could be widened to carry the same information. But doing that would break function-pointer compatibility with code compiled with other compilers...not to mention meaning that most function pointers would carry a bunch of unnecessary-for-them extra data around. Another possible way around it would be to cause gcc to keep part of the stack in the data segment, out of what the kernel thinks of as the stack, and have it do its trampolines there. This runs into big problems with setjmp and other nonlocal exits, and possibly with signal handlers as well.)

der Mouse

mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
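
The trade-off described in the message above, as an added example (not part of the original post and not gcc's code): a hand-written "widened" function pointer in portable C, next to a conventional callback API that has no room for the extra data. All type and function names are hypothetical and the input array is constructed.

```c
/* Added illustration; all names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* A "widened" function pointer: code address plus the enclosing frame. */
struct closure { int (*code)(void *env, int x); void *env; };

int sum_map_wide(const int *v, size_t n, struct closure f) {
    int total = 0;
    for (size_t i = 0; i < n; i++) total += f.code(f.env, v[i]);
    return total;
}

/* Callback API as existing code declares it: a bare code address with no
 * slot for env. A nested function fits only if its address already encodes
 * the frame, which gcc arranges with a trampoline written to the stack. */
int sum_map_plain(const int *v, size_t n, int (*f)(int)) {
    int total = 0;
    for (size_t i = 0; i < n; i++) total += f(v[i]);
    return total;
}

/* What a nested function capturing the local `factor` lowers to. */
struct frame { int factor; };
int scale_lifted(void *env, int x) { return x * ((struct frame *)env)->factor; }

int twice(int x) { return 2 * x; }
/* Ordinary functions need an adapter and carry an env they never asked for. */
int call_plain(void *env, int x) { return (*(int (**)(int))env)(x); }

static const int sample[] = {1, 2, 3};   /* constructed input */

int demo_nested(int factor) {
    struct frame fr = { factor };
    struct closure c = { scale_lifted, &fr };
    return sum_map_wide(sample, 3, c);
}

int demo_ordinary_wide(void) {
    int (*fp)(int) = twice;
    struct closure c = { call_plain, &fp };
    return sum_map_wide(sample, 3, c);
}

int main(void) {
    printf("%d %d %d\n", demo_nested(3), demo_ordinary_wide(), sum_map_plain(sample, 3, twice));
    return 0;
}
```

`scale_lifted` cannot be handed to `sum_map_plain` without somewhere to keep `env`, which is the compatibility break the message refers to.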