
List:       openbsd-misc
Subject:    Re: Apache WebServer on OpenBSD 3.1
From:       Dave Feustel <dfeustel () mindspring ! com>
Date:       2002-10-14 21:47:31

On Monday 14 October 2002 09:30 pm, Theo de Raadt wrote:
> > > I'd wait for the 3.2 release which is due on Nov 1st [1]. The OpenBSD
> > > team has hardened the base installation of Apache since 3.1 thru
> > > chrooting it and 3.2 will also feature a non-exec stack which can
> > > significantly help against buffer overflows and such.
> >
> > Is non-exec stack going to be for just sparc, or for all arch's?
> > Specifically i386.
> >
> > I only heard about sparc.
>
> I thought I had explained this before.
>
> Different architectures allow us to do different levels of protection.
>
> On some -- like sparc, sparc64, and alpha -- we can do per-page
> protection.  On the stack, for sure.  But we also try to do it on the
> userland bss & data zones.  And that includes malloc space.
>
> On others -- powerpc -- we only have such control over much much larger
> blocks of memory.
>
> On others -- like i386 -- we can only set a line in memory above which
> code cannot be executed.  That sure sucks.  So we cannot do it on bss or
> data.

The AMD Hammer page table entries contain a bit which determines whether
code can be executed in a given page or set of pages. It looks to me as though
this option applies in 32-bit mode as well as 64-bit mode.  Of course, this 
will be moot if AMD folds before Hammer makes it out the door.

Dave Feustel
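
The difference between per-page protection and a single "line" above which nothing executes, as discussed in this thread, can be modelled in a few lines. This is an added example, not part of the original message or OpenBSD code: the address layout is constructed, and placing the line just above the highest code region is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed i386-style layout for illustration; not OpenBSD's real addresses. */
struct region { const char *name; uint32_t start, end; int is_code; };
static const struct region layout[] = {
    { "text",   0x00001000u, 0x00100000u, 1 },
    { "data",   0x00100000u, 0x00110000u, 0 },
    { "bss",    0x00110000u, 0x00120000u, 0 },
    { "malloc", 0x00120000u, 0x00400000u, 0 },
    { "libc",   0x40000000u, 0x40100000u, 1 },  /* shared library text */
    { "stack",  0xbf000000u, 0xbfc00000u, 0 },
};
#define NREGIONS (sizeof layout / sizeof layout[0])

/* Line model (assumption): the line sits just above the highest code region,
 * because all code must stay executable. */
static uint32_t exec_line(void) {
    uint32_t line = 0;
    for (size_t i = 0; i < NREGIONS; i++)
        if (layout[i].is_code && layout[i].end > line) line = layout[i].end;
    return line;
}

/* Can code run in region r? per_page=1: each region has its own permission;
 * per_page=0: anything that starts below the line is executable. */
static int executable(const struct region *r, int per_page) {
    return per_page ? r->is_code : r->start < exec_line();
}

/* 1 if the named non-code region is still executable under the model, -1 if unknown. */
static int exposed(const char *name, int per_page) {
    for (size_t i = 0; i < NREGIONS; i++)
        if (strcmp(layout[i].name, name) == 0)
            return !layout[i].is_code && executable(&layout[i], per_page);
    return -1;
}

int main(void) {
    printf("line at 0x%08x\n%-8s %-9s %s\n", (unsigned)exec_line(), "region", "per-page", "line");
    for (size_t i = 0; i < NREGIONS; i++)
        printf("%-8s %-9s %s\n", layout[i].name,
               executable(&layout[i], 1) ? "exec" : "no-exec",
               executable(&layout[i], 0) ? "exec" : "no-exec");
    return 0;
}
```

In this model the stack ends up non-executable under both schemes, while data, bss and malloc space stay executable under the line scheme because they lie below code that must remain runnable.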
