In reality, there are some problems with my patch:
-- stack execution permission is not enabled when returning to the stack
from a syscall (this shows up when you type 'print f()' in gdb, where f()
is a function in the program being traced);
-- the check in the GPF handler is not strict enough, making it still
possible to fool around with it in exploits, if the program being exploited
contains some suitable code in it (actually, the problem is that the size
of such code is too small, and it's likely to be there occasionally) --
I wonder why no one noticed that (I finally did myself).
Both are my particular implementation's problems, and I fixed them already
in the patch I'm running right now while typing this message. I'll be posting
it soon, but not right now just in case more problems are reported, to avoid
flooding with multiple versions. Will write more comments on the second
problem I mentioned, with the patch.
Signed,
Solar Designer