On Mon, 18 Aug 2003 pageexec (at) freemail (dot) hu [email concealed] wrote:
> > Anyways, on an i386 you can do W^X somewhat. Not as perfectly as you
> > can on cpus that have a per-page X bit...
>
> You are wrong again, PaX provides perfect per-page non-executable pages
> using segmentation (SEGMEXEC), there are no restrictions on the ordering
> of data/code pages like in OpenBSD.
>
BTW: have anyone tried to talk wih Linus about implementing some PaX (or
even GR) functionality in official Kernels?
I know that the argument for not implementing Solar Designer's
nonexecutable stack patch in official kernel was that it is easily
bypassable, so what about PaX???
I hate seeing GOT and other segments rwx nowdays (while it's marked as r-x
it IS executable).
--
Mariusz Wo³oszyn
Internet Security Specialist, GTS - Internet Partners
> > Anyways, on an i386 you can do W^X somewhat. Not as perfectly as you
> > can on cpus that have a per-page X bit...
>
> You are wrong again, PaX provides perfect per-page non-executable pages
> using segmentation (SEGMEXEC), there are no restrictions on the ordering
> of data/code pages like in OpenBSD.
>
BTW: have anyone tried to talk wih Linus about implementing some PaX (or
even GR) functionality in official Kernels?
I know that the argument for not implementing Solar Designer's
nonexecutable stack patch in official kernel was that it is easily
bypassable, so what about PaX???
I hate seeing GOT and other segments rwx nowdays (while it's marked as r-x
it IS executable).
--
Mariusz Wo³oszyn
Internet Security Specialist, GTS - Internet Partners
[ reply ]