Rahmat,
Thank you for your questions about stacks.
Since the virtual memory management unit defines which segments are and
are not executable, I think it is best to think of the stack as the
memory which has been allocated to the MMU's "stack segment" instead of
in terms of particular registers.
It turns out that the i386 MMU does have provisions for nonexecutable
segments, and such safeguards for the stack are implemented in certain
patches to Linux. However, those patches break certain features of
the GDB debugger, so they are not popular. Also, it is rumored that
certain Unix signaling packages push legitimate code onto the stack,
but they are sloppy, because there is a minuscule efficiency advantage
to doing so, and the pitfalls are very bad. (Every fixed-length buffer
becomes a potential security exploit.)
Maybe someone at Microsoft can tell us what happens to Windows when
the stack segment is marked non-executable. Does anything break? At
least the CodeRed worm would break, along with similar stack exploits.
Cheers,
James
Date: Tue, 31 Jul 2001 09:15:54 +0700
From: "Rahmat M. Samik-Ibrahim" <rms46(_at_)vlsm(_dot_)org>
To: MILIS Internet History <internet-history(_at_)postel(_dot_)org>
CC: "James P. Salsman" <bovik(_at_)best(_dot_)com>
Subject: OOT: What is a stack?
Hello:
I have no idea where to follow up this issue; hopefully this
list is the best fit.
James P. Salsman wrote on the IETF list:
Speaking of prevention measures, is there anything in
i386 architecture which can prevent execution of code
on the stack, or is that exclusive to SPARCitecture?
I am not familiar with SPARC, cmiiw, it uses 32 multipurpose
registers with a sliding window. Therefore, what exactly is
"prevent execution of code on the stack"?
Speaking of stack history, how many processors actually
call one of their registers a "stack pointer"? Intel 8XXX,
Zilog, what else?
How about PDP-11, does R5 count as a stack pointer?
How about HP-1000, where a return address was stored
in the front of a subroutine (Jump save address)?
regards,
--
Rahmat M. Samik-Ibrahim - VLSM-TJT - http://rms46.vlsm.org
- Hi! How are you? I send you this in order to have advice
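
Added example, not part of the original messages: on a current Linux system, the permission field of the `[stack]` line in `/proc/self/maps` shows whether the stack region is mapped executable, which is the property the reply above discusses. The function names and the two sample lines are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Parse one /proc/<pid>/maps line. Returns 1 if it is the [stack] mapping
 * and copies its 4-character permission field (e.g. "rw-p") into perms;
 * returns 0 for any other line or a malformed one. */
int stack_perms(const char *line, char perms[5])
{
    unsigned long start, end;
    char p[5];

    if (sscanf(line, "%lx-%lx %4s", &start, &end, p) != 3 || strlen(p) != 4)
        return 0;
    if (strstr(line, "[stack]") == NULL)   /* kernel's label for the main stack */
        return 0;
    memcpy(perms, p, 5);
    return 1;
}

/* 1 = stack mapped executable, 0 = non-executable, -1 = not a stack line. */
int stack_is_executable(const char *line)
{
    char perms[5];

    if (!stack_perms(line, perms))
        return -1;
    return perms[2] == 'x';                /* field order is r, w, x, p/s */
}

/* Constructed sample lines in the maps format (not captured from a host). */
const char SAMPLE_NX[] =
    "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0          [stack]\n";
const char SAMPLE_EXEC[] =
    "7ffc1a2b3000-7ffc1a2d4000 rwxp 00000000 00:00 0          [stack]\n";

int main(void)
{
    char line[512];
    int verdict = -1;
    FILE *f = fopen("/proc/self/maps", "r");

    if (f == NULL) { perror("/proc/self/maps"); return 2; }
    while (verdict < 0 && fgets(line, sizeof line, f))
        verdict = stack_is_executable(line);
    fclose(f);
    if (verdict < 0) { puts("no [stack] mapping found"); return 2; }
    printf("stack is %s\n", verdict ? "EXECUTABLE" : "non-executable");
    return verdict;
}
```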