Get libffi closures to cope with SELinux execmem/execmod
Andrew Pinski
pinskia@physics.uc.edu
Fri Jan 26 07:28:00 GMT 2007
>
> On Jan 25, 2007, David Daney <ddaney@avtrex.com> wrote:
>
> > I guess Alexandre should commit the patch. We are still using GCC
> > 3.4.3 for 'production' code, so it does not immediately affect us. I
> > may prepare a patch in the future for a configure option
>
> Sounds like a fair compromise, thanks
>
> > that reduces the code size if there is an executable stack.
>
> Note that this is not just about executable stack, it's about not
> turning writable memory into executable memory, so as to remedy a
> large class of security exploits.
I think people are over doing security exploits thing. Basically
there are less than .01% of todays population who will even
exploit an issue. Even then the executable stack is not really
a problem if you have bounds checking and checking the input of
what goes on the stack for execution.
So I think making the stack non exectuable is the wrong approach
of fixing these security exploits.
Thanks,
Andrew Pinski
More information about the Java-patches
mailing list