Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Execute and no-execute

1 view
Skip to first unread message

Tim Streater

unread,
Nov 29, 2009, 9:28:13 AM11/29/09
to
Anyone know whether OS X implements no-execute space? So that e.g. you
can't overwrite the stack and then execute it, 'cos all user stacks are
in no-execute space?

I'm given to understand that processors these days have the capability -
but is it used by the OS?

--
Tim

"That excessive bail ought not to be required, nor excessive fines
imposed, nor cruel and unusual punishments inflicted"

Bill of Rights 1689

Chris Ridd

unread,
Nov 29, 2009, 10:05:04 AM11/29/09
to
On 2009-11-29 14:28:13 +0000, Tim Streater said:

> Anyone know whether OS X implements no-execute space? So that e.g. you
> can't overwrite the stack and then execute it, 'cos all user stacks are
> in no-execute space?
>
> I'm given to understand that processors these days have the capability
> - but is it used by the OS?

It does implement it, it is one of the flags in Mach-O files. According
to <mach-o/loader.h> you have to explicitly opt out to get NX disabled:

> #define MH_ALLOW_STACK_EXECUTION 0x20000/* When this bit is set, all stacks
> in the task will be given stack
> execution privilege. Only used in
> MH_EXECUTE filetypes. */

A quick glance around using "otool -arch all -hv" on a few executables
suggests nothing specifies MH_ALLOW_STACK_EXECUTION.

Dunno about executable heaps.
--
Chris

Richard Tobin

unread,
Nov 29, 2009, 10:23:21 AM11/29/09
to
In article <6NKdnTKNqLBgGY_W...@brightview.co.uk>,
Tim Streater <timst...@waitrose.com> wrote:

>I'm given to understand that processors these days have the capability -

Processors 20 years ago had the capability - except for the Intel x86
family.

-- Richard
--
Please remember to mention me / in tapes you leave behind.

Tim Streater

unread,
Nov 29, 2009, 10:54:44 AM11/29/09
to
On 29/11/2009 15:05, Chris Ridd wrote:
> On 2009-11-29 14:28:13 +0000, Tim Streater said:
>
>> Anyone know whether OS X implements no-execute space? So that e.g. you
>> can't overwrite the stack and then execute it, 'cos all user stacks
>> are in no-execute space?
>>
>> I'm given to understand that processors these days have the capability
>> - but is it used by the OS?
>
> It does implement it, it is one of the flags in Mach-O files. According
> to <mach-o/loader.h> you have to explicitly opt out to get NX disabled:

How about Windows & Linux?

Chris Ridd

unread,
Nov 29, 2009, 11:14:49 AM11/29/09
to
On 2009-11-29 15:54:44 +0000, Tim Streater said:

> On 29/11/2009 15:05, Chris Ridd wrote:
>> On 2009-11-29 14:28:13 +0000, Tim Streater said:
>>
>>> Anyone know whether OS X implements no-execute space? So that e.g. you
>>> can't overwrite the stack and then execute it, 'cos all user stacks
>>> are in no-execute space?
>>>
>>> I'm given to understand that processors these days have the capability
>>> - but is it used by the OS?
>>
>> It does implement it, it is one of the flags in Mach-O files. According
>> to <mach-o/loader.h> you have to explicitly opt out to get NX disabled:
>
> How about Windows & Linux?

It seems to vary on Linux - 32-bit kernels in popular distributions
have it disabled, but 64-bit kernels enable it by default. (Apple's
hardware control simplifies things for them.)

According to Wikipedia it is in XP (SP2) and 2k3 (SP1).
--
Chris

Tim Streater

unread,
Nov 29, 2009, 11:24:45 AM11/29/09
to

Thanks. Hmm, something to think about there ...

Message has been deleted
0 new messages