[Info-vax] RMS and SSIO (again)
John Dallman
jgd at cix.co.uk
Tue Jan 11 17:55:00 EST 2022
In article <srkj4r$m7g$2 at dont-email.me>,
clubley at remove_me.eisner.decus.org-Earth.UFP (Simon Clubley) wrote:
> However, at that time, John was planning to add this to the LLVM
> based compilers at some point. I don't know the current status of
> that.
Most of that will come free with the LLVM compilers. The thing that will
probably be different is the error generation when checks are failed. On
OSes where I've used stack buffer overflow protection, failing a check
generally terminates the process.
> Do any of the DEC compilers generate code that executes on the stack
> at runtime ?
I doubt it.
The point of making the stack non-executable is to make an attacker's job
in exploiting security holes harder. If an attacker can upload exploit
code (often called "shell code") into a stack buffer and run it there,
that's easier than finding a way to upload the exploit code into heap
memory.
John
More information about the Info-vax
mailing list