Re: executable stacks, a few suggestions

H. Peter Anvin (hpa@transmeta.com)
Mon, 14 Apr 1997 10:06:33 -0700 (PDT)


> I've sent a private Email to David suggesting that this feature
> could be enabled only when running with root privs (making it
> SUID/SGID only is not enough as a SUID program could run dozens of
> other programs which may be buggy). Then even if the feature was
> totally incompatible with Objective C (not that it is) this wouldn't
> be a problem as AFAIK no-one uses O-C to write system programs or
> other programs which need to run as root. It has also just occurred
> to me that we could have a tunable under /proc to specify the
> highest UID that is used for such checking. I have web servers and
> other servers running with UIDs < 100 so I'd set it to 100. Then my
> web server would be more secure and users could run what they want.

What if there was a system call to turn OFF stack exec permissions,
permanently (but on a per-process basis, cancelling upon exec())? The
system call could even include passing an area for the kernel to use
for the signal handling trampoline.

It would require a mod to get the benefit out of the servers, but it
may be the cleanest way to do it.

-hpa
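An added illustration (not hpa's code and not part of this thread) of what a process can do today toward the per-process "turn off stack exec" idea above: it reads the stack mapping from /proc/self/maps and drops PROT_EXEC with mprotect(). It assumes Linux, and it is weaker than the proposed call since nothing makes the change permanent.

```c
/* Added illustration, not part of the thread: approximates "turn off stack
 * exec for this process" via mprotect() on the [stack] entry of
 * /proc/self/maps. Linux only; not sticky like the proposed syscall. */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Locate the main thread's stack; returns 1 on success, 0 if not found. */
static int find_stack_mapping(unsigned long *lo, unsigned long *hi, char perms[5])
{
    FILE *maps = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!maps) return 0;
    /* each line: "start-end perms offset dev inode [path]" */
    while (!found && fgets(line, sizeof line, maps))
        if (strstr(line, "[stack]") &&
            sscanf(line, "%lx-%lx %4s", lo, hi, perms) == 3)
            found = 1;
    fclose(maps);
    return found;
}

/* 1 if the stack carries the execute bit, 0 if not, -1 if /proc is unavailable. */
int stack_is_executable(void)
{
    unsigned long lo, hi;
    char perms[5];
    if (!find_stack_mapping(&lo, &hi, perms))
        return -1;
    return perms[2] == 'x';
}

/* Remove PROT_EXEC from the stack mapping; 0 on success, -1 on failure. */
int disable_stack_exec(void)
{
    unsigned long lo, hi;
    char perms[5];
    if (!find_stack_mapping(&lo, &hi, perms))
        return -1;
    return mprotect((void *)lo, hi - lo, PROT_READ | PROT_WRITE);
}

int main(void)
{
    printf("stack executable before: %d\n", stack_is_executable());
    printf("mprotect result: %d\n", disable_stack_exec());
    printf("stack executable after:  %d\n", stack_is_executable());
    return 0;
}
```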