From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path:
Received: (qmail 2716 invoked by alias); 25 Sep 2006 23:21:38 -0000
Received: (qmail 2662 invoked by uid 48); 25 Sep 2006 23:21:30 -0000
Date: Mon, 25 Sep 2006 23:21:00 -0000
Subject: [Bug target/29231] New: powerpc libgcc writes code to the stack
X-Bugzilla-Reason: CC
Message-ID:
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "debian-gcc at lists dot debian dot org"
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive:
List-Post:
List-Help:
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2006-09/txt/msg02416.txt.bz2
List-Id:

[forwarded from http://bugs.debian.org/382746]

reported for 4.1 SVN 20060608, Matthias

__trampoline_setup in /lib/libgcc_s.so.1 puts code on the stack.
This contributes to insecurity on powerpc.

A half-way fix is to mmap a page for this evil crud. This still
violates good practice, needing the OS to allow either write+execute
or a dangerous transition from write to execute. It'd be an
improvement though. Doing write+execute may be better, allowing
the OS to locate the page within a segment (256 MiB chunk on PowerPC)
which already has executable pages.

A better method would be to supply a page full of trampoline functions
in libgcc. Each function would:

1. examine its own address
2. map from the page of code to a page of data
3. use that data to implement the trampoline

Trampoline setup would thus involve filling in the data and choosing
the matching function to use.

Once libgcc stops putting code on the stack, gcc needs to mark all
executables as not requiring an executable stack.

--
           Summary: powerpc libgcc writes code to the stack
           Product: gcc
           Version: 4.1.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: debian-gcc at lists dot debian dot org
GCC target triplet: powerpc-linux-gnu

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29231
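
The "page full of trampoline functions" design proposed in the report, modelled in portable C as an added example (not code from the report or from libgcc). The names tramp_alloc, tramp_free, NSTUBS and the slot layout are assumptions, and each stub has its index compiled in here rather than deriving it from its own address as the report suggests.

```c
#include <stddef.h>
#include <stdio.h>

/* Writable, never-executable data: one slot per precompiled stub. */
struct tramp_slot { long (*target)(void *chain, long arg); void *chain; int in_use; };
#define NSTUBS 4
static struct tramp_slot slots[NSTUBS];

/* Fixed code in the text segment. Here each stub has its index compiled in;
   the proposal has it derive the slot from its own address instead. */
#define STUB(i) static long stub##i(long arg) { return slots[i].target(slots[i].chain, arg); }
STUB(0) STUB(1) STUB(2) STUB(3)

typedef long (*plain_fn)(long);
static const plain_fn stubs[NSTUBS] = { stub0, stub1, stub2, stub3 };

/* Trampoline setup: fill in data, pick the matching stub. No code is written. */
plain_fn tramp_alloc(long (*target)(void *, long), void *chain) {
    for (size_t i = 0; i < NSTUBS; i++) {
        if (!slots[i].in_use) {
            slots[i] = (struct tramp_slot){ target, chain, 1 };
            return stubs[i];
        }
    }
    return NULL; /* pool exhausted: the fixed page holds only NSTUBS stubs */
}

void tramp_free(plain_fn fn) {
    for (size_t i = 0; i < NSTUBS; i++)
        if (stubs[i] == fn) slots[i].in_use = 0;
}

/* Stand-in for a nested function: 'chain' points at the enclosing frame. */
struct frame { long base; };
static long add_base(void *chain, long x) { return ((struct frame *)chain)->base + x; }

long call_via_trampoline(long base, long x) {
    struct frame f = { base };
    plain_fn fn = tramp_alloc(add_base, &f);
    if (!fn) return -1;
    long r = fn(x);
    tramp_free(fn);
    return r;
}

int main(void) {
    printf("%ld\n", call_via_trampoline(10, 5));
    return 0;
}
```

The trade-off this makes visible is that the stub pool is finite, so setup can fail where a stack-written trampoline could not.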