This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: Get libffi closures to cope with SELinux execmem/execmod
- From: Andrew Pinski <pinskia at physics dot uc dot edu>
- To: aoliva at redhat dot com (Alexandre Oliva)
- Cc: ddaney at avtrex dot com (David Daney), aph at redhat dot com (Andrew Haley), green at redhat dot com, Hans dot Boehm at hp dot com (Hans Boehm), gcc-patches at gcc dot gnu dot org, java-patches at gcc dot gnu dot org
- Date: Fri, 26 Jan 2007 02:29:08 -0500 (EST)
- Subject: Re: Get libffi closures to cope with SELinux execmem/execmod
>
> On Jan 25, 2007, David Daney <ddaney@avtrex.com> wrote:
>
> > I guess Alexandre should commit the patch. We are still using GCC
> > 3.4.3 for 'production' code, so it does not immediately affect us. I
> > may prepare a patch in the future for a configure option
>
> Sounds like a fair compromise, thanks
>
> > that reduces the code size if there is an executable stack.
>
> Note that this is not just about executable stack, it's about not
> turning writable memory into executable memory, so as to remedy a
> large class of security exploits.

I think people are overdoing the security exploits thing. Basically
there are less than .01% of today's population who will even
exploit an issue. Even then the executable stack is not really
a problem if you have bounds checking and checking the input of
what goes on the stack for execution.

So I think making the stack non-executable is the wrong approach
to fixing these security exploits.

Thanks,
Andrew Pinski