
Re: Secure 2.4.x kernel




On Saturday, December 22, 2001, at 07:22 , System Administrator wrote:

> The assembly statement "jsr" (jump to subroutine) puts the return address
> on the same stack, where space for local variables is reserved.


Local variables, parameters, temporaries, etc. Yes, it's all the same stack on every architecture I've seen.

> So one solution is to separate these stacks. So it's more a "problem"
> of the C-Compiler (and the number of Address-Register of the CPU and
> memory).

Some CISC processors have various hardware encouragements to do it this way. For example, the M68K had a return and deallocate instruction (rtd, if I remember), which used the frame and stack pointers.

Also, when you look at how memory is laid out, having two stacks is problematic. Under Linux, it looks like this:

   --------         -------
  | KERNEL |       | stack | <---- grows downward
  |--------|        -------
  |        |
  |  user  | ---->  -------
  |        |       |  brk  | <---- grows upward
   --------         -------

Stacks, in general, grow downward. So you'd need to further split the process memory area, leaving even less precious address space for malloc and friends. Even if you could make one grow upward (PowerPC, for example, doesn't know about the stack) you'd have to worry about collisions again.

So, you'd wind up with less address space. Might have some minor cache penalties. Other than the slight implementation detail of modifying everything, breaking all ABIs, it'd probably work.

> 1) Is my problem description right?

That is one type of stack attack, and a major one.

> 2) On other platforms (for example on the newer platforms like ia64)
>    are there separate stacks?

No.

> 3) Why is this not done on the "0x86"-Platform?

Not done anywhere, AFAIK.


IMO, this is a very interesting idea! Has anyone tried this? Any research papers, links, etc?
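To make the point of the quoted question concrete, here is a small simulation, added as an illustration for this thread (it is not code from either poster). It models the two layouts under discussion with plain byte arrays: in the single-stack model the "jsr" return address is saved directly above the callee's local buffer, so a copy that runs past the buffer reaches the saved return address; in the split-stack model return addresses live on a separate array that local-variable writes cannot reach. The frame sizes, the 16-byte local buffer and the 0x41 filler are constructed values chosen for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of two calling conventions (constructed for this illustration):
 *   single stack: the return address is pushed right above the callee's
 *                 local variables, as the quoted message describes;
 *   split stacks: return addresses go on a separate stack that writes to
 *                 local variables can never touch.
 * Memory is a byte array, addresses are plain indices into it. */

#define FRAME_BYTES 64            /* total modelled data-stack memory */
#define LOCAL_BUF   16            /* size of the callee's local buffer */
#define RET_SIZE    sizeof(uint32_t)

typedef struct {
    uint8_t  data[FRAME_BYTES];   /* data stack, grows downward */
    uint32_t ret_stack[8];        /* separate return-address stack (split model) */
    int      ret_top;
    int      split;               /* 0 = single stack, 1 = separate stacks */
    size_t   sp;                  /* data stack pointer (index into data) */
} machine_t;

static void machine_init(machine_t *m, int split) {
    memset(m, 0, sizeof *m);
    m->split = split;
    m->sp = FRAME_BYTES;          /* empty stack: sp at the top */
}

/* "jsr"-style call: save the return address, then reserve the callee's
 * local buffer just below it (single model) or only the buffer (split model). */
static void machine_call(machine_t *m, uint32_t return_addr) {
    if (m->split) {
        m->ret_stack[m->ret_top++] = return_addr;
    } else {
        m->sp -= RET_SIZE;
        memcpy(&m->data[m->sp], &return_addr, RET_SIZE);
    }
    m->sp -= LOCAL_BUF;
}

/* The callee copies `len` bytes into its LOCAL_BUF-byte local buffer without
 * checking the length: the strcpy-style bug the thread is about. Writes run
 * upward from the buffer's base, as on a real downward-growing stack. The
 * clamp only keeps the simulation inside its own array. */
static void callee_copy(machine_t *m, const uint8_t *src, size_t len) {
    size_t avail = FRAME_BYTES - m->sp;
    if (len > avail) len = avail;
    memcpy(&m->data[m->sp], src, len);
}

/* "rts": release the local buffer and fetch the return address from wherever
 * this model keeps it. */
static uint32_t machine_return(machine_t *m) {
    uint32_t ret;
    m->sp += LOCAL_BUF;
    if (m->split) {
        ret = m->ret_stack[--m->ret_top];
    } else {
        memcpy(&ret, &m->data[m->sp], RET_SIZE);
        m->sp += RET_SIZE;
    }
    return ret;
}

/* Run one call whose callee receives `len` input bytes and report whether
 * control would still return to return_addr (1 = intact, 0 = clobbered). */
int return_address_intact(int split, size_t len, uint32_t return_addr) {
    machine_t m;
    uint8_t input[FRAME_BYTES];
    memset(input, 0x41, sizeof input);   /* constructed filler bytes ('A') */
    machine_init(&m, split);
    machine_call(&m, return_addr);
    callee_copy(&m, input, len);
    return machine_return(&m) == return_addr;
}

int main(void) {
    const char *v[] = { "clobbered", "intact" };
    printf("single stack, 16-byte input: %s\n", v[return_address_intact(0, 16, 0x1000)]);
    printf("single stack, 20-byte input: %s\n", v[return_address_intact(0, 20, 0x1000)]);
    printf("split stacks, 20-byte input: %s\n", v[return_address_intact(1, 20, 0x1000)]);
    return 0;
}
```

In the single-stack layout an input that exactly fills the 16-byte buffer leaves the saved return address alone, while 20 bytes overwrite it; with the return addresses on their own stack the same oversized copy corrupts only data. That is exactly why the split layout is attractive, and also why the memory-map and ABI costs described above are the price of getting it.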


