DragonFly commits List (threaded) for 2003-12
Re: cvs commit: src/contrib/gcc protector.c protector.h Makefile.in calls.c combine.c cse.c explow.c expr.c flags.h function.c gcse.c integrate.c libgcc2.c loop.c optabs.c reload1.c toplev.c src/gnu/usr.bin/cc/cc_int Makefile
Craig Dooley wrote:
One thing that comes to mind is a lot of the games that have been ported
Yes, you can still put stuff on the heap and jump there, and you can
still smash the stack if you're lucky. OpenBSD W^X just plays games
with Intel segmentation, but can still be used to do weird things, such
as change the stack, and the return address to libc exec if you could
figure it out. AMD64 has non-executable page protections, and this
should help, but a canary still provided more protection than nothing.
will jump and execute functions for entering the registration keys for
on the stack and other weird things that OpenBSD's W^X breaks.
People have been running different types of non-exec stack/heaps for
and about every six months a paper is released on how to by-pass the
I personally think spending much time trying to "protect" the ia32
meaningless, until registers are added to the chip to mark pages as