public inbox for gcc-bugs@sourceware.org
From: "debian-gcc at lists dot debian dot org" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/29231]  New: powerpc libgcc writes code to the stack
Date: Mon, 25 Sep 2006 23:21:00 -0000
Message-ID: <bug-29231-5724@http.gcc.gnu.org/bugzilla/>

[forwarded from http://bugs.debian.org/382746]

reported for 4.1 SVN 20060608,

  Matthias

__trampoline_setup in /lib/libgcc_s.so.1 puts code on the stack.

This contributes to insecurity on powerpc.

A half-way fix is to mmap a page for this evil crud.
This still violates good practice, needing the OS to
allow either write+execute or a dangerous transition
from write to execute. It'd be an improvement though.
Doing write+execute may be better, allowing the OS
to locate the page within a segment (256 MiB chunk
on PowerPC) which already has executable pages.

A better method would be to supply a page full of
trampoline functions in libgcc. Each function would:

1. examine its own address
2. map from the page of code to a page of data
3. use that data to implement the trampoline

Trampoline setup would thus involve filling in the
data and choosing the matching function to use.

Once libgcc stops putting code on the stack, gcc
needs to mark all executables as not requiring an
executable stack.


-- 
           Summary: powerpc libgcc writes code to the stack
           Product: gcc
           Version: 4.1.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: debian-gcc at lists dot debian dot org
GCC target triplet: powerpc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29231
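
The function-pool scheme proposed in the report, as an added C illustration (not part of the original message and not libgcc code): precompiled thunks paired with a writable data table, so trampoline setup only fills in data and picks the matching function. All names are hypothetical, and each thunk's slot index is fixed at compile time here instead of being derived from the thunk's own address as the report suggests.

```c
#include <stddef.h>

typedef int (*callback_t)(int);                  /* what a plain-C caller expects */
typedef int (*nested_fn_t)(void *chain, int x);  /* nested body + static chain */

struct tramp_slot { nested_fn_t fn; void *chain; int in_use; };

#define POOL_SIZE 4
static struct tramp_slot slots[POOL_SIZE];       /* the "page of data" (writable) */

/* The "page of code": fixed thunks compiled ahead of time. Nothing executable
   is written at run time; a thunk only reads its own slot and forwards. */
#define THUNK(n) \
    static int thunk_##n(int x) { return slots[n].fn(slots[n].chain, x); }
THUNK(0) THUNK(1) THUNK(2) THUNK(3)
static const callback_t thunks[POOL_SIZE] = { thunk_0, thunk_1, thunk_2, thunk_3 };

/* Trampoline setup: fill in the data, return the matching function.
   Returns NULL when the fixed pool is exhausted. */
callback_t tramp_alloc(nested_fn_t fn, void *chain) {
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!slots[i].in_use) {
            slots[i] = (struct tramp_slot){ fn, chain, 1 };
            return thunks[i];
        }
    }
    return NULL;
}

/* Release the slot that belongs to a thunk; unknown or NULL pointers are ignored. */
void tramp_free(callback_t cb) {
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (thunks[i] == cb) slots[i] = (struct tramp_slot){ 0 };
}

/* Constructed sample: a "nested function" reading its enclosing frame. */
struct frame { int base; };
static int add_base(void *chain, int x) { return ((struct frame *)chain)->base + x; }

/* Consumer that accepts only int (*)(int), like a library callback API. */
int apply_twice(callback_t cb, int x) { return cb(cb(x)); }

int demo(void) {
    struct frame f = { 10 };
    callback_t cb = tramp_alloc(add_base, &f);
    int r = cb ? apply_twice(cb, 1) : -1;        /* (1 + 10) + 10 */
    tramp_free(cb);
    return r;
}

int main(void) { return demo() == 21 ? 0 : 1; }
```

The slot table holds code pointers in writable memory, but no page is ever both writable and executable, and the pool size bounds how many trampolines can be live at once.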


Thread overview: 5+ messages
2006-09-25 23:21 debian-gcc at lists dot debian dot org [this message]
2006-09-25 23:53 ` [Bug middle-end/29231] need a way to produce trampolines not on " pinskia at gcc dot gnu dot org
2006-09-26  0:44 ` geoffk at gcc dot gnu dot org
2006-09-26  4:06 ` acahalan at gmail dot com
2009-01-01 21:25 ` pinskia at gcc dot gnu dot org
