> Doesn't that eliminate most stack smashing exploits?
> You can only hit function pointers, not the return address.
> Most overwrites would fill empty stack space until the
> stack limit is exceeded.
>
> This looks better than preventing stack execution.
>
> With the PowerPC binary compatibility, that would mean
> the stack grows up on normal PowerMac Linux too, right?
No, it grows down on all PPC APIs I know of (SYSV and PowerOpen).
> I think I recall a flag in the Intel CPU to do that too.
You are probably getting confused by the expand-down flag in the segment
descriptors. It just controls whether the valid addresses are between
0 and the limit or between the limit and the maximum size. On Intel
the stack grows down (pushes and calls decrement the stack pointer, pops
and ret increment it).
Gabriel.