Serafim Dahl wrote:
[...]
Now to my questions:
- Is it the case that code actually executes on the stack?
Yes (a few instructions, a so-called "trampoline" is temporarily built and executed on the stack when local routines are used as procedural parameters).
- If you say yes to 1., is it possible to compile GPC in a way that avoids this?
I'm not really familiar with this, but there seems to be code for this problem for the 64-bit Sparc V9 configuration. I'm not sure if your hardware is of this type. If so, you might want to try something like `--target=sparcv9-sun-solaris2' when configuring (and then rebuilding) GPC. (This assumes gcc 2.95.x is used.)
If not, it might help to copy the definition of TRANSFER_FROM_TRAMPOLINE from gcc/config/sparc/sol2-sld-64.h to the appropriate file used for your system in the same directory (configure should tell you which one: "Using ... as target machine macro file"). But this is untested ...
Otherwise, write again. I think, using some extra runtime code should be possible then ...
The systems group at my job is not likely to back down on security issues. The 'noexec_user_stack' flag is set on all computers in the network.
Though as far as I was told in a security workshop, this is almost snake oil (i.e., it prevents certain out-of-the-box attacks, but leaves other possibilities for attacks if the program is vulnerable to buffer overruns etc. at all, so it will be only a matter of time until the script kiddies have upgraded their tools), but anyway ...
Frank
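
Added example, not part of the original message and not GPC or GCC code: a trampoline exists because a local routine passed as a procedural parameter needs both its code address and a pointer to the enclosing routine's frame, and the trampoline packs the second into a plain code pointer by building instructions on the stack. The C sketch below passes the two as an explicit pair instead, so only data is written to the stack, which is one way a non-executable stack can be accommodated; all names are hypothetical.

```c
#include <stdio.h>

/* The enclosing routine's locals that the local routine must reach. */
struct frame {
    int threshold;
    int hits;
};

/* A procedural parameter as an explicit pair: code address plus the
 * enclosing frame (the static link). A trampoline hides the second
 * field by emitting a few stack-resident instructions that load it
 * and jump to the real routine. */
struct closure {
    void (*code)(struct frame *env, int value);
    struct frame *env;
};

/* The "local routine", lifted to file scope; the static link arrives
 * as an ordinary argument. */
static void count_above(struct frame *env, int value)
{
    if (value > env->threshold)
        env->hits++;
}

/* A routine taking a procedural parameter and calling it per element. */
static void for_each(const int *v, int n, struct closure visit)
{
    for (int i = 0; i < n; i++)
        visit.code(visit.env, v[i]);
}

/* The enclosing routine builds the pair from its own frame. Nothing
 * placed on the stack here is ever executed. */
int count_greater(const int *v, int n, int threshold)
{
    struct frame self = { threshold, 0 };
    struct closure visit = { count_above, &self };
    for_each(v, n, visit);
    return self.hits;
}

int main(void)
{
    const int sample[] = { 3, 9, 1, 7, 5 };   /* constructed input */
    printf("%d\n", count_greater(sample, 5, 4));
    return 0;
}
```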