Eric J Korpela
korpela at ssl.berkeley.edu
Sun Feb 26 13:50:34 CST 2006
On 2/23/06, Chuck Guzis <cclist at sydex.com> wrote:
> However, paging frees
> the programmer from worrying about organizing things in segmented fashion
> (and having to deal with selectors)--what is seen is simply a huge linear
> address space (Usually CS=DS=ES=FS=GS and nobody changes them).
And we're still paying for this brain dead choice with buffer and
stack overrun exploits. Whoever was the nitwit that decided that
data and stack pages should be accessible through the code selector
and code should be accessible through the data selector should be
tarred and feathered. Actually it's probably lots of nitwits that
need to be tarred, since most x86 operating systems make this mistake.
Would it have been so difficult to have 1GB of unified stack+data and
a separate 1GB of code (or adjustable segment sizes depending upon
the requirements of the program)?
Attempting to execute a data or stack item should segfault.
Attempting to read or write a code item should segfault. If you need
to execute data there should be an OS call to move pages into the code
Rather than the OS writers fixing this problem, they let it fester
until the processor manufacturers added a no-execute option to page
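Eric's rule that data and stack pages must never be executable is what Linux enforces today as W^X per page, and the usual check is to look for mappings that are both writable and executable. The following is an added example (mine, not from this thread): it parses /proc/<pid>/maps lines and flags W+X regions, run here over a constructed sample rather than a real process.

```python
import re

# Constructed sample of /proc/<pid>/maps output; not captured from a real system.
# Two regions deliberately violate W^X: an anonymous rwx mapping and an rwx stack.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/example
00651000-00652000 r--p 00051000 08:01 1234 /usr/bin/example
00652000-00654000 rw-p 00052000 08:01 1234 /usr/bin/example
7f3a2c000000-7f3a2c021000 rwxp 00000000 00:00 0
7ffd5a3e0000-7ffd5a401000 rwxp 00000000 00:00 0 [stack]
7ffd5a4c0000-7ffd5a4c2000 r-xp 00000000 00:00 0 [vdso]
"""

# Fields of a maps line: address range, perms, offset, dev, inode, optional path.
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})"
    r"\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Parse maps-format text into a list of region dicts; skips malformed lines."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        regions.append({
            "start": int(m["start"], 16),
            "end": int(m["end"], 16),
            "perms": m["perms"],
            "path": m["path"].strip(),
        })
    return regions


def writable_and_executable(regions):
    """Return the regions that are both writable and executable (W^X violations)."""
    return [r for r in regions if "w" in r["perms"] and "x" in r["perms"]]


def audit_live_process(pid="self"):
    """Audit a running process on Linux; returns None where /proc is unavailable."""
    try:
        with open(f"/proc/{pid}/maps") as f:
            return writable_and_executable(parse_maps(f.read()))
    except OSError:
        return None


if __name__ == "__main__":
    for r in writable_and_executable(parse_maps(SAMPLE_MAPS)):
        print(f"W+X mapping {r['start']:#x}-{r['end']:#x} {r['perms']} {r['path'] or '[anon]'}")
```

Run against a live pid, an rwx stack or anonymous rwx heap is the same condition Eric describes: data that the processor will happily execute.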