DragonFly BSD
DragonFly kernel List (threaded) for 2003-09
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Anyone protecting the stack?


From: Bill Huey (hui) <billh@xxxxxxxxxxxxxxxxx>
Date: Thu, 18 Sep 2003 18:28:41 -0700

On Thu, Sep 18, 2003 at 06:15:12PM -0700, Kip Macy wrote:
> Anything doing dynamic translation is going to need to generate and
> execute code outside of its code segment. I don't know this for sure,
> but probably even VMWare does this as there are a number of privileged
> x86 instructions that don't trap. I would probably just make it 
> controlled by a securelevel or sysctl. How many people want to run java
> on a locked down machine? Those select few could just disable it at
> kernel configure time.

Java is a pretty secure inside the VM core itself. It's when you start
executing stuff in supporting libraries that might trigger overflows, so
any kind of stack protection is going to have limited value to a system
as reliable as that.  But you're right, JITs violate this all the time
with by storing tons of code basic blocks in some kind of manually
allocated storage.

IMO, the Java/HotSpot VM case isn't worth it.

bill




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]