Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11

[Arjan van de Ven]

On Sun, 2005-02-06 at 09:08 -0800, Linus Torvalds wrote:
> 
> On Sun, 6 Feb 2005, Andi Kleen wrote:
> > 
> > Force READ_IMPLIES_EXEC for all 32bit processes to fix
> > the 32bit source compatibility.
> 
> Andi, stop this. We're _not_ going to say "32-bit executables don't need 
> PROT_EXEC. The executables would need to be marked broken per-executable, 
> not some kind of "we don't do this globally" setting.


marking PT_GNU_STACK as RWE would be an acceptable marking imo; one can
insert such a marking post build (via the execstack tool), and during
the build with either an addition to the cflags or via a one line code
addition. 

In addition there are runtime markings; you can use setarch to start an
application with READ-IMPLIES-EXEC set (although you can't do that for
setuid binaries for obvious reasons)

Note that these techniques all exist today. The only issue is that the
current code doesn't do the RWE->READIMPLIESEXEC binding, which my patch
fixed. 



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/