Re: executable stacks, a few suggetions

H. Peter Anvin (
Mon, 14 Apr 1997 10:06:33 -0700 (PDT)

> I've sent a private Email to David suggesting that this feature
> could be enabled only when running with root privs (making it
> SUID/SGID only is not enough as a SUID program could run dozens of
> other programs which may be buggy). Then even if the feature was
> totally incompatible with Objective C (not that it is) this wouldn't
> be a problem as AFAIK no-one uses O-C to write system programs or
> other programs which need to run as root. It has also just occurred
> to me that we could have a tunable under /proc to specify the
> highest UID that is used for such checking. I have web servers and
> other servers running with UIDs < 100 so I'd set it to 100. Then my
> web server would be more secure and users could run what they want.

What if there was a system call to turn OFF stack exec permissions,
permanently (but on a per-process basis, cancelling upon exec())? The
system call could even include passing an area for the kernel to use
for the signal handling trampoline.

It would require a mod to get the benefit out of the servers, but it
may be the cleanest way to do it.