Re: Secure 2.4.x kernel
On Saturday, December 22, 2001, at 07:22, System Administrator wrote:
> The assembly statement "jsr" (jump to subroutine) puts the return address on the same stack, where space for local variables is reserved.
Local variables, parameters, temporaries, etc. Yes, it's all the same stack on every architecture I've seen.
> So one solution is to separate these stacks. So it's more a "problem" of the C compiler (and the number of address registers of the CPU and memory).
Some CISC processors have various hardware encouragements to do it this way. For example, the M68K had a return and deallocate instruction (rtd, if I remember), which used the frame and stack pointers.
Also, when you look at how memory is laid out, having two stacks is problematic. Under Linux, it looks like this:

      --------          -------
     | KERNEL |        | stack | <---- grows downward
     |--------|         -------
     |        |
     |  user  | ---->   -------
     |        |        |  brk  | <---- grows upward
      --------          -------
Stacks, in general, grow downward. So you'd need to further split the process memory area, leaving even less precious address space for malloc and friends. Even if you could make one grow upward (PowerPC, for example, doesn't know about the stack) you'd have to worry about collisions again.
So, you'd wind up with less address space. Might have some minor cache penalties. Other than the slight implementation detail of modifying everything, breaking all ABIs, it'd probably work.
> 1) Is my problem description right?
That is one type of stack attack, and a major one.
> 2) On other platforms (for example on the newer platforms like ia64) are there separate stacks?
No.
> 3) Why is this not done on the "0x86" platform?
Not done anywhere, AFAIK.
IMO, this is a very interesting idea! Has anyone tried this? Any research papers, links, etc?
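Editor's added example (not code from either poster): a small C model of the point the thread turns on. A stack frame is simulated with a plain array laid out low to high, as on a downward-growing stack, so the local buffer sits just below the slot holding the saved return address; nothing here touches the real machine stack, so it behaves the same on any platform. Three variants are compared: the conventional single stack, where an unchecked copy past the end of a local buffer lands on the return-address slot; the same layout with a shadow copy of the return address kept on a separate array and compared at "return" time (detection); and the separate data/control stacks the original poster proposes, where the copy cannot reach the control stack at all. The frame sizes, slot positions, and marker values are constructed for the model.

```c
/* Added example, not from the thread: a deterministic model of the stack
 * layouts discussed above. Frames are simulated with arrays, so no real
 * machine stack is touched. Word indices run low to high, as on a
 * downward-growing stack: the local buffer sits below the slot that holds
 * the saved return address. All sizes and marker values are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FRAME_WORDS  16
#define BUF_WORDS     4
#define BUF_BASE      2                      /* local buffer: words 2..5 */
#define RET_SLOT     (BUF_BASE + BUF_WORDS)  /* return address: word 6 */
#define RET_MARKER   0xCAFE0001u             /* stands in for a return address */
#define FILL_WORD    0x41414141u             /* what the unchecked copy writes */

/* Unchecked copy of n words into the local buffer. The loop is clamped to
 * the frame so the model itself stays in bounds, but anything beyond
 * BUF_WORDS words lands on whatever sits above the buffer. */
static void unchecked_copy(uint32_t *frame, size_t n)
{
    for (size_t i = 0; i < n && BUF_BASE + i < FRAME_WORDS; i++)
        frame[BUF_BASE + i] = FILL_WORD;
}

/* Model A: one stack. Returns the value in the return-address slot after
 * the copy; anything other than RET_MARKER means data overwrote control. */
uint32_t single_stack_call(size_t n)
{
    uint32_t frame[FRAME_WORDS] = {0};
    frame[RET_SLOT] = RET_MARKER;
    unchecked_copy(frame, n);
    return frame[RET_SLOT];
}

/* Model A plus a shadow stack: the return address is also pushed on a
 * separate array at "call" time and compared at "return" time. The slot
 * is still overwritten, but the mismatch is caught before the bogus
 * address would be used. Returns 1 if the check passes, 0 on corruption. */
int single_stack_call_with_shadow(size_t n)
{
    uint32_t frame[FRAME_WORDS] = {0};
    uint32_t shadow[FRAME_WORDS];
    size_t shadow_top = 0;
    frame[RET_SLOT] = RET_MARKER;
    shadow[shadow_top++] = RET_MARKER;               /* push on call */
    unchecked_copy(frame, n);
    return frame[RET_SLOT] == shadow[--shadow_top];  /* compare on return */
}

/* Model B: the separate-stack proposal. Locals and parameters live on a
 * data stack; return addresses live on a control stack that the data
 * copy never indexes. Returns the control-stack value after the copy. */
uint32_t split_stack_call(size_t n)
{
    uint32_t data[FRAME_WORDS] = {0};
    uint32_t control[FRAME_WORDS] = {0};
    size_t control_top = 0;
    control[control_top] = RET_MARKER;
    unchecked_copy(data, n);                         /* can only damage data[] */
    return control[control_top];
}

int return_address_intact(uint32_t slot) { return slot == RET_MARKER; }

int main(void)
{
    size_t sizes[] = {BUF_WORDS, BUF_WORDS + 1};
    for (size_t k = 0; k < 2; k++) {
        size_t n = sizes[k];
        printf("copy of %zu words into a %d-word buffer:\n", n, BUF_WORDS);
        printf("  single stack : return slot %s\n",
               return_address_intact(single_stack_call(n)) ? "intact" : "overwritten");
        printf("  shadow check : %s\n",
               single_stack_call_with_shadow(n) ? "passes" : "detects corruption");
        printf("  split stacks : return slot %s\n",
               return_address_intact(split_stack_call(n)) ? "intact" : "overwritten");
    }
    return 0;
}
```

The model deliberately keeps the copy in bounds of the simulated frame, so it illustrates the layout argument without relying on undefined behaviour; the split-stack variant also shows the cost the reply points out, since a second region has to be reserved and its growth direction chosen.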