Hi; I know everyone is busy with the upcoming release, but JIC someone is interested on this, I found this recent progress report post on NetBSD's lists: ______ Subject: more on non-executable mappings To: None <tech-kern_at_netbsd.org> From: Chuck Silvers <chuq_at_chuq.com> List: tech-kern Date: 11/28/2003 11:57:21 I'm getting back to looking at the rest of the non-executable mapping work from openbsd. (well, really this goes beyond that, to what they're calling "W^X", meaning that any given part of the user address space should not be both writable and executable.) the remaining items are: (1) update the kernel ELF code to handle more than 2 PT_LOAD sections. (2) change the linker to put the PLT, GOT and rodata into their PT_LOAD sections so that they can have different permissions than the existing "text" and "data" load sections. (3) change the runtime linker to use mprotect() to enable write access to the PLT only when needed, leaving it read-only the rest of the time. (4) other MD issues with kernel support for non-executable mappings (a) i386 currently only supports non-execute for the part of the address space where the traditional unix stack lives. this doesn't do anything for the data or bss sections, or the heap or mmap()d files (eg. shared libraries), or pthread stacks. the openbsd guys rearranged their user address space layout on i386 fairly drastically to put all the executable mappings below a certain threshold. (b) powerpc OEA hardware only supports execute permissions at a segment (256MB) granularity. ideally we would rearrange the user address space layout here as well to put all the executable mappings down in segment 0 in the usual case. the first of these should be non-controversial and I have attached a patch which implements it. I'll commit it in a week or so if there are no objections. as for the other items, I'd like opinions on whether or not we want them, and if we do, how we might achieve them with the fewest headaches. -Chuck -------- The patch is here: http://mail-index.netbsd.org/tech-kern/2003/11/28/0019.html ___________________ FWIW, I posted the CVS commit log of the initial work on the -hackers list some time ago. cheers, Pedro. ps. I attempted to post this on -security but there was some error on my side of the network. ________________________________________________________________________ Download Yahoo! Messenger now for a chance to win Live At Knebworth DVDs http://www.yahoo.co.uk/robbiewilliamsReceived on Sun Nov 30 2003 - 11:46:11 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:31 UTC