[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exec-Shield vs. PaX

On Wed, 5 Nov 2003, Peter Busser wrote:

> It is in fact a simulation of a multithreaded application. [...]

The test incorrectly assumes that thread stacks are executable. I suspect
we both agree that it's desirable to have thread stacks non-executable as

> I objected to adding tests that include a multi- threaded library,
> because the library might interfere with the results of the test.

in fact it's desirable to properly have the same 'effect' a pthread
library has - after all that 'effect' might have security relevance. The
best way to do that is to use the threading library used by virtually all 
applications on the box where the test is running: -lpthread.

> [...] Feel free to submit tests yourself, I'll add any sensible test.

yep, proper threaded test added. This should put this episode to rest.


diff -rNu paxtest-0.9.5/body.c paxtest-0.9.5/body.c
--- paxtest-0.9.5/body.c
+++ paxtest-0.9.5/body.c
@@ -13,6 +13,13 @@
 #include <signal.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <pthread.h>
+static void *test_thread(void *p)
+    pause();
+    return NULL;
 #ifndef PAGESIZE
 #define PAGESIZE	(4096)
@@ -29,8 +36,13 @@
 	fflush( stdout );
 	if( fork() == 0 ) {
-		do_mprotect((unsigned long)argv & ~4095U, 4096, PROT_READ|PROT_WRITE|PROT_EXEC);
+		pthread_t thread;
+		pthread_create(&thread, NULL, test_thread, NULL);
+		pthread_kill(&thread, SIGTERM);
 	} else {
 		wait( &status );
 		if( WIFEXITED(status) == 0 ) {
diff -rNu paxtest-0.9.5/Makefile.generic paxtest-0.9.5/Makefile.generic
--- paxtest-0.9.5/Makefile.generic
+++ paxtest-0.9.5/Makefile.generic
@@ -2,7 +2,7 @@
 ifndef RUNDIR

Reply to: