This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Get libffi closures to cope with SELinux execmem/execmod

From: Andrew Pinski <pinskia at physics dot uc dot edu>
To: aoliva at redhat dot com (Alexandre Oliva)
Cc: ddaney at avtrex dot com (David Daney), aph at redhat dot com (Andrew Haley), green at redhat dot com, Hans dot Boehm at hp dot com (Hans Boehm), gcc-patches at gcc dot gnu dot org, java-patches at gcc dot gnu dot org
Date: Fri, 26 Jan 2007 02:29:08 -0500 (EST)
Subject: Re: Get libffi closures to cope with SELinux execmem/execmod

> 
> On Jan 25, 2007, David Daney <ddaney@avtrex.com> wrote:
> 
> > I guess Alexandre should commit the patch.  We are still using GCC
> > 3.4.3 for 'production' code, so it does not immediately affect us.  I
> > may prepare a patch in the future for a configure option
> 
> Sounds like a fair compromise, thanks
> 
> > that reduces the code size if there is an executable stack.
> 
> Note that this is not just about executable stack, it's about not
> turning writable memory into executable memory, so as to remedy a
> large class of security exploits.

I think people are over doing security exploits thing.  Basically
there are less than .01% of todays population who will even
exploit an issue.  Even then the executable stack is not really
a problem if you have bounds checking and checking the input of
what goes on the stack for execution.

So I think making the stack non exectuable is the wrong approach
of fixing these security exploits.

Thanks,
Andrew Pinski

References:
- Re: Get libffi closures to cope with SELinux execmem/execmod
  - From: Alexandre Oliva

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]