From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 110598 invoked by alias); 3 May 2016 21:28:36 -0000 Mailing-List: contact libffi-discuss-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libffi-discuss-owner@sourceware.org Received: (qmail 109472 invoked by uid 89); 3 May 2016 21:28:36 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=vulnerabilities, H*Ad:U*libffi-discuss, secure, HTo:U*libffi-discuss X-HELO: mail-yw0-f170.google.com Received: from mail-yw0-f170.google.com (HELO mail-yw0-f170.google.com) (209.85.161.170) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-GCM-SHA256 encrypted) ESMTPS; Tue, 03 May 2016 21:28:35 +0000 Received: by mail-yw0-f170.google.com with SMTP id t10so47324130ywa.0 for ; Tue, 03 May 2016 14:28:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:subject:from:to:date:mime-version :content-transfer-encoding; bh=k4sN7jd5RDTg8twCOVg6smzyOzNa8S9Eq2U3THEca9g=; b=T6oBEbvn8u3zfYWQzPy3MKYMx8t79g9OTRRnb3jjCepi1xghPj+XRjFXLRs0UFUYvL uFhiWFh7WDpbPxLu35PJGBqeLpjhEfUteZERZjaqpTF3D29XNKR7vfTlR23diqgRTYcp LBhl0oicDZxvYgnVpPFmCEeqtk8Cz6wKDLBR1Ci+dme5j3B7WgCzaKwNE87mLZwhvdKe nwOzD8XmdDFGS/7JnkSkPLfG728rMedGBF5iREkfSRQKL2p0m+7FJ9OhNcresSJSkDF3 xlR79NCkSw5BsPREbHYNZj/AVKd6/4w6Xr0aG3Vy2Ui6I2lxH0jm63l/0StaahLsqD/w XBtA== X-Gm-Message-State: AOPr4FVxVntearsuPXf4qxL+SQgwGx80NMJUOr5/zOwXcp15pbGBVdfEsWA6a0xzbUfqgw== X-Received: by 10.13.243.5 with SMTP id c5mr2974079ywf.40.1462310913068; Tue, 03 May 2016 14:28:33 -0700 (PDT) Received: from localhost.hsd1.tn.comcast.net (c-73-190-149-30.hsd1.tn.comcast.net. [73.190.149.30]) by smtp.googlemail.com with ESMTPSA id d184sm281478ywb.49.2016.05.03.14.28.31 for (version=TLSv1/SSLv3 cipher=OTHER); Tue, 03 May 2016 14:28:32 -0700 (PDT) Message-ID: <1462310910.16919.2.camel@gmail.com> Subject: Avoid stack/heap executable memory From: Demi Obenour To: libffi-discuss@sourceware.org Date: Tue, 03 May 2016 21:28:00 -0000 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-SW-Source: 2016/txt/msg00017.txt.bz2 mmap() is the only (reasonably) portable and secure way to get executable memory.  An executable stack or heap makes exploiting vulnerabilities much easier. How difficult would this be to implement?