Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stack size

From: Chuck Swiger <chuck () codefab com>
Date: Sat, 26 Apr 2003 21:37:04 -0400
Cat Okita wrote:

In the process of doing some trivial (and admittedly sloppy) programming
recently, it became apparent that OSX has a surprisingly low stack size
of 512K (measured via getrlimit, to show the current (soft) limit, and
the hard limit).
512K probably still represents a thousand or so PPC stack frames, which is arguably too small-- certainly if the program uses alloca() or local variables to any extent. 


Checking other (albeit not the same hardware architecture) systems for
curiousity, it seems that it's much more common to have a stack size
of 8Mb.
8 MB is common, yes. See /etc/login.conf on FreeBSD for how to change the defaults, or /etc/profile on most systems for a place to adjust the defaults limits to something you find more reasonable. Something like this, and/or with -H instead of -S to adjust the hard limits: 

# Set reasonable soft process limits.
ulimit -Sc 0
ulimit -Sd 512000
ulimit -Ss 16384
ulimit -Sn 256
ulimit -Su 100


Is there any particular reason why it would be advantageous to have
such a small stack size?
In terms of security? No, not really, although the Mach kernel used by OS X has long made the distinction between VM pages which are readable, writable, or executable, if the underlying hardware supports it. So it already supports prevention of executing code on the stack if the G4 CPU can, mitigating the risk of some exploits.
If you're asking why OS X has such a small default, it's possibly because that's the amount of stack space per thread per task, and some Mach apps are heavily threaded. If you reserve 16 MB of space per stack with an app that forks a few dozen threads, you can overrun the chunk of VM address space that the system expects the stack(s) to fit into. More of a legacy setting from the days of MachO fixed-VM shared libraries (from NEXTSTEP)... 

-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: