Non-executable stack

Dag-Erling Smørgrav des at des.no
Fri Nov 4 02:38:45 PST 2005


martinko <martinkov at pobox.sk> writes:
> and what exactly is that trampoline btw/pls ?

When a process receives a signal, the kernel needs to call the
appropriate signal handler (in user space), then do some cleanup when
the signal handler returns, and pass control back to whatever code was
interrupted by the signal.  The cleanup is handled by the sigreturn()
syscall.  To avoid having to manually add a call to sigreturn() at the
end of each signal handler, we use a small piece of trampoline code
(sigcode in locore.S) which calls the signal handler, then issues a
sigreturn() syscall.  This trampoline needs to be in a fixed location
so the kernel knows where to find it, and it needs to be present at
all times, so we can't just put it in the crt and then have the crt
report its location to the kernel somehow.  Currently, it is copied
into place at the top of the stack by execve().

DES
-- 
Dag-Erling Smørgrav - des at des.no
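
The trampoline mechanism described above, observed from user space in an added example that is not part of the original mail or of FreeBSD's sigcode: it assumes a POSIX system and a GCC/Clang compiler (for __builtin_return_address), and checks that a signal handler's return address points at one fixed piece of trampoline code rather than back into the interrupted function.

```c
/* Added example, not from the original mail or from FreeBSD. The kernel builds
 * the handler's frame so that its return address is the trampoline (sigcode
 * on FreeBSD, the libc "restorer" on Linux); the handler returns into it, the
 * trampoline issues sigreturn(2), and the interrupted code resumes. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t deliveries;
static void *volatile trampoline_seen[2];

/* Records where this handler will return to: not the interrupted code, but
 * the trampoline address the kernel placed in the frame. */
static void handler(int sig)
{
    (void)sig;
    if (deliveries < 2)
        trampoline_seen[deliveries] = __builtin_return_address(0);
    deliveries++;
}

/* Delivers SIGUSR1 twice. Returns 1 when both deliveries resumed here and
 * both handler invocations returned through the same trampoline, else 0. */
int probe_signal_trampoline(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return 0;
    deliveries = 0;
    raise(SIGUSR1);
    raise(SIGUSR1);
    if (deliveries != 2 || trampoline_seen[0] == NULL)
        return 0;
    /* Same address both times: the trampoline lives at one fixed location. */
    if (trampoline_seen[0] != trampoline_seen[1])
        return 0;
    /* Sanity: the handler does not return into this (interrupted) function. */
    if (trampoline_seen[0] == (void *)probe_signal_trampoline)
        return 0;
    return 1;
}

int main(void)
{
    printf("trampoline probe: %s\n", probe_signal_trampoline() ? "ok" : "failed");
    return 0;
}
```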