List: openbsd-misc
Subject: Re: Apache WebServer on OpenBSD 3.1
From: Dave Feustel <dfeustel () mindspring ! com>
Date: 2002-10-14 21:47:31
On Monday 14 October 2002 09:30 pm, Theo de Raadt wrote:
> > > I'd wait for the 3.2 release which is due on Nov, 1st [1]. The OpenBSD
> > > team has hardened the base installation of Apache since 3.1 thru
> > > chrooting it and 3.2 will also feat a non-exec stack which can
> > > significantly help against buffer overflows and such.
> >
> > Is non-exec stack going to be for just sparc, or for all arch's?
> > Specifically i386.
> >
> > I only heard about sparc.
>
> I thought I had explained this before.
>
> Different architectures allow us to do different levels of protection.
>
> On some -- like sparc, sparc64, and alpha -- we can do per-page
> protection. On the stack, for sure. But we also try to do it on the
> userland bss & data zones. And that includes malloc space.
>
> On others -- powerpc -- we only have such control over much much larger
> blocks of memory.
>
> On others -- like i386 -- we can only set a line in memory above which
> code cannot be executed. That sure sucks. So we cannot do it on bss or
> data.

The AMD Hammer page table entries contain a bit which determines whether
code can be executed in a given page or set of pages. It looks to me as though
this option applies in 32-bit mode as well as 64-bit mode. Of course, this
will be moot if AMD folds before Hammer makes it out the door.

Dave Feustel
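
An added example, not part of the thread and not OpenBSD code: a small C model of the three protection granularities described in the quoted text (per-page, large blocks, a single no-execute line), counting how many non-code regions stay executable under each. The memory layout, region names and the 256 MB block size are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum scheme { PER_PAGE, PER_BLOCK, SINGLE_LINE };
#define BLOCK(a) ((a) >> 28)   /* assumed 256 MB blocks for the coarse scheme */

/* Constructed 32-bit layout; addresses are illustrative, not OpenBSD's. */
struct region { const char *name; uint32_t start, end; bool is_code; };
static const struct region layout[] = {
    { "text",      0x00001000u, 0x00100000u, true  },
    { "data",      0x00100000u, 0x00120000u, false },
    { "bss",       0x00120000u, 0x00140000u, false },
    { "heap",      0x00140000u, 0x00800000u, false },
    { "mmap data", 0x20000000u, 0x20100000u, false },
    { "lib text",  0x40000000u, 0x40200000u, true  },
    { "stack",     0xcf000000u, 0xcfc00000u, false },
};
#define NREGIONS (sizeof layout / sizeof layout[0])

/* Can code run from region r under scheme s? */
static bool is_executable(const struct region *r, enum scheme s) {
    if (r->is_code || s == PER_PAGE)
        return r->is_code;                   /* per-page: only real code pages */
    uint32_t limit = 0;
    for (size_t i = 0; i < NREGIONS; i++) {
        const struct region *c = &layout[i];
        if (!c->is_code) continue;
        if (c->end > limit) limit = c->end;  /* the line must clear all code */
        if (s == PER_BLOCK && BLOCK(c->start) <= BLOCK(r->end - 1)
                           && BLOCK(r->start) <= BLOCK(c->end - 1))
            return true;                     /* shares a coarse block with code */
    }
    return s == SINGLE_LINE && r->start < limit;
}

/* Number of non-code regions that remain executable under scheme s. */
static int exposed_regions(enum scheme s) {
    int n = 0;
    for (size_t i = 0; i < NREGIONS; i++)
        if (!layout[i].is_code && is_executable(&layout[i], s)) n++;
    return n;
}

int main(void) {
    printf("per-page %d, per-block %d, single line %d\n", exposed_regions(PER_PAGE),
           exposed_regions(PER_BLOCK), exposed_regions(SINGLE_LINE));
    return 0;
}
```

In this constructed layout the stack is protected under all three schemes, while data, bss and heap stay executable under anything coarser than per-page protection.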