Date: Sat, 30 Aug 2003 19:38:09 -0400 From: Leo Bicknell <bicknell@ufp.org> To: freebsd-hackers@freebsd.org Subject: Re: Non-executable mappings now in NetBSD too Message-ID: <20030830233809.GA45579@ussenterprise.ufp.org> In-Reply-To: <20030830230628.98508.qmail@web13406.mail.yahoo.com> References: <20030830221458.GC85746@cirb503493.alcatel.com.au> <20030830230628.98508.qmail@web13406.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Sun, Aug 31, 2003 at 12:06:28AM +0100, Pedro F. Gif=
funi wrote:
> Well, we only have a JIT JVM for the i386, and on the particular case of =
the
> i386 we cannot enforce full protection anyways so there is probably a
> workaround if we do need it.=20
I'm not sure I want to suggest this, as I can't decide if it's a
"hack" or a good solution. I'm feeling bold though, so I'll throw
it out there. Honestly, I don't know the kernel internals enough
to know if this would eliminate the problem.
Could a new malloc (and friends) set of functions be defined, for
argument I'll call them "emalloc" that executes memory that is
executable? The JIT type apps could use that for the instructions
(and the instructions only) allowing them to be executable, and all
existing code would continue to be executable.
Seems like this would protect all existing code, and give a nice way for
the apps that need it to "label" to executable bits outright, so they
both don't loose functionality but also so the execute right is tightly
scoped.
Note, I do understand you can do this with syscall wrappers, but that
seems to introduce a performance penalty no one likes. Wrappering it in
a new malloc (sbrk?) interface to the kernel might allow the same thing
with much less penalty.
Of course, we'd need multiple platforms to make developers use it.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE/UTVhNh6mMG5yMTYRAgBbAJ4zIfIAeLGNy3YIkYfxD+r4g4ZR0QCffqGY
2EIgcCof9kpgH+BlJ6T00/I=
=vCEH
-----END PGP SIGNATURE-----
--+QahgC5+KEYLbs62--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030830233809.GA45579>