[ih] Re: OOT: What is a stack?

James P. Salsman bovik at best.com
Mon Jul 30 19:44:30 PDT 2001


Thank you for your questions about stacks.

Since the virtual memory management unit defines which segments are and 
are not executable, I think it is best to think of the stack as the 
memory which has been allocated to the MMU's "stack segment" instead of 
in terms of particular registers.

It turns out that the i386 MMU does have provisions for nonexecutable 
segments, and such safeguards for the stack are implemented in certain 
patches to Linux.  However, those patches break certain features of 
the GDB debugger, so they are not popular.  Also, it is rumored that 
certain unix signaling packages push legitimate code on to the stack, 
but they are sloppy, because there is a minuscule efficiency advantage 
to doing so, and the pitfalls are very bad.  (Every fixed-length buffer
becomes a potential security exploit.)

Maybe someone at Microsoft can tell us what happens to Windows when 
the stack segment is marked non-executable.  Does anything break?  At 
least the CodeRed worm would break, along with similar stack exploits.


> Date: Tue, 31 Jul 2001 09:15:54 +0700
> From: "Rahmat M. Samik-Ibrahim" <rms46 at vlsm.org>
> To: MILIS Internet History <internet-history at postel.org>
> CC: "James P. Salsman" <bovik at best.com>
> Subject: OOT: What is a stack?
> Hello:
> I have no idea where to follow up this issue; hopefully this
> list is the best fit.
> James P. Salsman wrote on the IETF list:
> > Speaking of prevention measures, is there anything in 
> > i386 architecture which can prevent execution of code 
> > on the stack, or is that exclusive to SPARCitecture?
> I am not familiar with SPARC, cmiiw, it uses 32 multipurpose
> registers with a sliding window. Therefore, what is exactly
> "prevent execution of code on the stack" ?
> Speaking of stack history, how many processors that actually
> call one of its register as a "stack pointer"? Intel 8XXX,
> Zilog, what else?
> How about PDP-11, does R5 count as a stack pointer?
> How about HP-1000, where a return address was stored
> in the front of a subroutine (Jump save address)?
> regards,
> -- 
> Rahmat M. Samik-Ibrahim - VLSM-TJT - http://rms46.vlsm.org
> - Hi! How are you? I send you this in order to have advice
