Re: Nested functions

"John Yates" <jyates@xxxxxxxxxxx> writes:

> Wednesday, December 28, 2005 7:51 AM mgerards@xxxxxxxxx wrote:
> 
> > The second problem is caused because some OSes have no executable
> > stack.  Red Hat even removes the nested functions from our code so it
> > builds for them.  But of course it would be better for all of our
> > users if it just works.
> 
> Is it not the case that building the trampoline on the stack is
> simply an efficiency issue, akin to alloca versus malloc?  Surely,
> at least in C++ with support for calling destructors, trampolines
> could be built on the heap.

Trampolines could certainly be built on the heap.  But the heap is not
normally executable.  So you have to use an mprotect system call to
make the heap executable.

More seriously, the reason to not have an executable stack is to avoid
certain types of buffer overflow attacks.  If you believe that is a good
reason, then you should also not have an executable heap.  An
executable heap is slightly harder to exploit than an executable
stack, but not all that much harder.

In general the only reason to make the stack non-executable is to
prevent certain types of attacks.  To prevent those types of attacks,
you must not permit any memory to be both writable and executable.

So building trampolines on the heap instead of the stack is not really
an improvement.

Ian
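
As an added illustration of the rule stated in the reply above (not part of the original message and not GCC code), this C example scans text in Linux /proc/<pid>/maps format and counts mappings that are both writable and executable, which is what an executable stack or an mprotect'ed trampoline heap would show up as. The function name and the sample lines are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/demo\n"
    "01c3e000-01c5f000 rwxp 00000000 00:00 0 [heap]\n"
    "7f10a2000000-7f10a2021000 rw-p 00000000 00:00 0 \n"
    "7ffc1a2e0000-7ffc1a301000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable in maps-format text.
 * If stack_wx is non-NULL it is set to 1 when [stack] is one of them. */
int count_wx_mappings(const char *maps, int *stack_wx)
{
    int count = 0;
    if (stack_wx) *stack_wx = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t full = eol ? (size_t)(eol - maps) : strlen(maps);
        size_t len = full < 511 ? full : 511;   /* clip over-long lines */
        char line[512], perms[5];
        memcpy(line, maps, len);
        line[len] = '\0';
        /* Second field is the permission string, e.g. "rwxp". */
        if (sscanf(line, "%*lx-%*lx %4s", perms) == 1 &&
            strlen(perms) == 4 && perms[1] == 'w' && perms[2] == 'x') {
            count++;
            if (stack_wx && strstr(line, "[stack]")) *stack_wx = 1;
        }
        maps += full + (eol ? 1 : 0);
    }
    return count;
}

int main(void)
{
    int stack_wx;
    int n = count_wx_mappings(SAMPLE_MAPS, &stack_wx);
    printf("W+X mappings: %d (stack executable: %d)\n", n, stack_wx);
    return n != 0;   /* non-zero exit when the W^X rule is violated */
}
```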
