From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: LLVM--Low Level Virtual Machine--and Ada
Date: Mon, 23 Jul 2007 21:12:08 -0500
Organization: Jacob's private Usenet server
References: <1184730995.862147.208590@g12g2000prg.googlegroups.com>

"Duncan Sands" wrote in message
news:mailman.6.1185176858.3834.comp.lang.ada@ada-france.org...
> Hi Bob, thanks for your informative reply.
>
> > Another problem is that some modern machines use DEP (which I think
> > stands for "data execution prevention" or something like that). DEP
> > means the operating system prevents writeable data from being executed
> > as code. The purpose is to prevent certain kinds of security holes
> > that are common in languages that don't do array-bounds checking.
> > But DEP prevents trampolines from working, so users have to turn
> > it off in order to run some Ada programs (such as the compiler).
> > It's a pain because users get some mysterious error message
> > when trampolines are used.
>
> I'm not sure that this is a problem anymore: gcc uses a bunch of tricks
> (eg: setting a flag on the program that notes it runs code on the stack)
> to inform the operating system that the trampoline is kosher IIRC. That
> said, I haven't tried to implement any of this in LLVM yet, which is also
> why I'm vague on the details.

That would be bad, as it would effectively turn off DEP for LLVM programs.
These error detections are critically needed, and turning them off just
means you have buggy software that you can't/won't fix and that you're
willing to remain part of the problem.

Honestly, I never understood why programs *ever* needed execute permission
on the stack and data. When we did our first 32-bit compilers, I kept those
segments completely separate and was dismayed to find out that we couldn't
set the permissions on the segments to actually match the uses (and thus
detect bugs earlier). I managed to get the DOS extender versions sort of
right by discarding the overlapping writable segments given to us by the OS
and creating new non-overlapping ones for the data and stack. But neither
Unix nor Windows provided anything that helped at all.

I find it bizarre to find people deciding to apply the obvious technique of
least privilege nearly 20 years later - what the heck have they been doing
in the meantime? (Not caring if software is correct is one obvious
answer...)

Janus/Ada has never used any executable data/stack in its 32-bit versions;
such code would save no more than a clock cycle or two (out of hundreds or
thousands) and as such could not be significant. We use compiler-generated
thunks rather than run-time-generated trampolines, and I'm not sure why
anyone would use the latter (given that they increase the exploitability of
a program). Must be something I don't understand...

Randy.
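The "flag on the program" that Duncan Sands mentions is, on GNU/Linux, the PT_GNU_STACK program header: when gcc emits a nested-function trampoline it marks the object as needing an executable stack, the linker propagates that into PT_GNU_STACK with PF_X set, and the loader then maps the stack RWX, which is exactly the DEP bypass Randy objects to. The following checker is an added example written for this page; it is not code from the original thread or from any Ada compiler. It parses an ELF64 image, walks the program header table with bounds checks, and reports whether the binary requests an executable stack. The PT_GNU_STACK and PF_* values and the struct layouts are the real ELF64 definitions; the example assumes a little-endian host, and the sample images it tests against are constructed in memory (they are not runnable programs).

```c
/* Added example: does an ELF64 binary ask the loader for an executable stack?
 * Constants and struct layouts are the real ELF64 ones; assumes a
 * little-endian host. Sample images below are constructed, not real programs. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PT_LOAD      1u
#define PT_GNU_STACK 0x6474e551u
#define PF_X 1u
#define PF_W 2u
#define PF_R 4u

typedef struct {                      /* Elf64_Ehdr, 64 bytes, naturally aligned */
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} elf64_ehdr;

typedef struct {                      /* Elf64_Phdr, 56 bytes */
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} elf64_phdr;

enum stack_verdict {
    STACK_BAD_ELF = -2,  /* not a parseable little-endian ELF64 image */
    STACK_NO_NOTE = -1,  /* no PT_GNU_STACK: loader/arch default applies */
    STACK_NX      =  0,  /* PT_GNU_STACK present without PF_X */
    STACK_EXEC    =  1   /* PT_GNU_STACK with PF_X: trampoline-style RWX stack */
};

int elf64_stack_verdict(const uint8_t *buf, size_t len)
{
    elf64_ehdr eh;
    if (len < sizeof eh || memcmp(buf, "\x7f" "ELF", 4) != 0) return STACK_BAD_ELF;
    if (buf[4] != 2 || buf[5] != 1) return STACK_BAD_ELF;   /* ELFCLASS64, ELFDATA2LSB */
    memcpy(&eh, buf, sizeof eh);
    if (eh.e_phentsize != sizeof(elf64_phdr)) return STACK_BAD_ELF;
    /* Bounds-check the whole program header table before walking it, so an
     * attacker-supplied file cannot steer the read past the end of the buffer. */
    if (eh.e_phoff > len ||
        (uint64_t)eh.e_phnum * sizeof(elf64_phdr) > len - eh.e_phoff)
        return STACK_BAD_ELF;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        elf64_phdr ph;
        memcpy(&ph, buf + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            return (ph.p_flags & PF_X) ? STACK_EXEC : STACK_NX;
    }
    return STACK_NO_NOTE;
}

/* Constructed ELF64 image: header, one PT_LOAD, and (if want_note) a
 * PT_GNU_STACK header carrying stack_flags. Returns bytes written, 0 if cap is too small. */
size_t build_sample_elf(uint8_t *out, size_t cap, uint32_t stack_flags, int want_note)
{
    uint16_t phnum = want_note ? 2 : 1;
    size_t total = sizeof(elf64_ehdr) + (size_t)phnum * sizeof(elf64_phdr);
    if (cap < total) return 0;
    elf64_ehdr eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1; eh.e_ident[6] = 1;   /* 64-bit, LSB, version 1 */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;         /* ET_EXEC, x86-64 */
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(elf64_phdr); eh.e_phnum = phnum;
    memcpy(out, &eh, sizeof eh);
    elf64_phdr load = {0};
    load.p_type = PT_LOAD; load.p_flags = PF_R | PF_X; load.p_align = 0x1000;
    memcpy(out + sizeof eh, &load, sizeof load);
    if (want_note) {
        elf64_phdr stk = {0};
        stk.p_type = PT_GNU_STACK; stk.p_flags = stack_flags; stk.p_align = 16;
        memcpy(out + sizeof eh + sizeof load, &stk, sizeof stk);
    }
    return total;
}

/* Read the first MiB of a file (enough for any program header table) and check it. */
int elf_file_stack_verdict(const char *path)
{
    FILE *f = fopen(path, "rb");
    if (!f) return STACK_BAD_ELF;
    enum { CAP = 1 << 20 };
    uint8_t *buf = malloc(CAP);
    size_t n = buf ? fread(buf, 1, CAP, f) : 0;
    fclose(f);
    int v = elf64_stack_verdict(buf, n);
    free(buf);
    return v;
}

/* Run constructed images through the checker, including a truncated one; 1 on success. */
int self_check(void)
{
    uint8_t img[256];
    size_t n = build_sample_elf(img, sizeof img, PF_R | PF_W | PF_X, 1);
    if (elf64_stack_verdict(img, n) != STACK_EXEC) return 0;
    n = build_sample_elf(img, sizeof img, PF_R | PF_W, 1);
    if (elf64_stack_verdict(img, n) != STACK_NX) return 0;
    n = build_sample_elf(img, sizeof img, 0, 0);
    if (elf64_stack_verdict(img, n) != STACK_NO_NOTE) return 0;
    if (elf64_stack_verdict(img, n - 1) != STACK_BAD_ELF) return 0;  /* table overruns buffer */
    if (elf64_stack_verdict(img, 3) != STACK_BAD_ELF) return 0;
    return 1;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "bad-elf", "no PT_GNU_STACK", "non-executable stack",
                                   "EXECUTABLE STACK requested" };
    if (argc > 1) {
        int v = elf_file_stack_verdict(argv[1]);
        printf("%s: %s\n", argv[1], names[v + 2]);
        return v == STACK_EXEC;
    }
    int ok = self_check();
    printf("self-check: %s\n", ok ? "ok" : "FAILED");
    return !ok;
}
```

Run it on a binary (`./stackcheck /path/to/program`) and compare against `readelf -lW program | grep GNU_STACK`, which prints `RWE` for the executable-stack case. A verdict of STACK_EXEC on a compiler or its output is the trampoline symptom discussed above: the program works only because the loader was told to switch off DEP for its stack. Treat STACK_NO_NOTE as a finding to investigate rather than a pass, since the fallback behaviour when the header is absent has differed across kernel versions and architectures.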