[PATCH] no-execute -- please test

Albert Cahalan acahalan at gmail.com
Mon Aug 14 14:33:30 EST 2006

On 8/14/06, Paul Mackerras <paulus at samba.org> wrote:
> Albert Cahalan writes:
> > If you want heap protection, change VM_DATA_DEFAULT_FLAGS32
> > in include/asm-powerpc/page.h to be like VM_STACK_DEFAULT_FLAGS.
> > I'd love to hear if anybody can get X to start with this change.
> In general I would expect dynamically-linked programs to fail unless
> you compile everything with gcc -msecure-plt.

I wouldn't, unless they are also buggy. The PLT should be
marked for full rwx permissions. Enforcing W^X is another
matter entirely of course.

For me, X is the only observed failure with that extra change.
I successfully got to a console, did a bit of exploring at the
command prompt, watched X go to the stiple background
before shutting down in an orderly fashion, and rebooted.
Perhaps do_brk could get a third argument to specify the
caller, so that VM_EXEC could be cleared for some callers.
Then again, pretending to be a Vista developer, I could just
have the kernel recognize the buggy X server.

Other notes:

For maximum benefit, shared objects should be built such
that the executable part can be mapped without any
relation to the other parts. The next best thing would be
to have the executable parts start 256 MiB above where
the other parts start. This allows randomization to be
added without causing loss of no-execute capability.

We need a new gcc default: -msecure-plt -pie -fPIE

More information about the Linuxppc-dev mailing list