[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exec-Shield vs. PaX

> > It is in fact a simulation of a multithreaded application. [...]
> The test incorrectly assumes that thread stacks are executable. I suspect
> we both agree that it's desirable to have thread stacks non-executable as
> well.

while i agree with you on this one, it is in stark contrast to what you
said earlier:

> there's nothing wrong about an executable stack though. It's been part of
> Linux ever since.

also, the test does not only demonstrate that thread stacks are executable
or not, it demonstrates a fundemental design flaw in Exec-Shield: whenever
an executable region is created in the address space, *everything* below
that becomes executable as well. i believe it is important that Exec-Shield
users are aware of this flaw, could you write a test for this as well please?

Reply to: