Non-executable stack and heap

Starting with version 2.0, NetBSD supports non-executable mappings on platforms where the hardware allows it. Process stack and heap mappings are non-executable by default. This makes exploiting potential buffer overflows harder. NetBSD supports PROT_EXEC permission via mmap() for all platforms where the hardware differentiates execute access from data access, though not necessarily with single-page granularity. When the hardware has a larger granularity, the rule is that if any page in the larger unit is executable, then the entire larger unit is executable; otherwise the entire larger unit is not executable.

No compile-time option is needed to enable this software support; it is always available.

Supported platforms

Here is a list of support levels based on hardware limitations. In this list "the stack" refers to the traditional UNIX process stack, not pthreads stacks.

  • amd64, sparc64, sparc (sun4m, sun4d), powerpc (ibm4xx), alpha, sh5, hppa: Full support, each page is independently executable or not.
  • powerpc (e.g. macppc): The hardware granularity is a segment (256MB) instead of a page. By default, the segment containing the stack is not executable.
  • i386: The hardware support is pretty limited, so the granularity is very coarse. The current software implementation in NetBSD is that there are only two regions of the application address space which may be independently executable or not: the stack and everything else. By default, the stack is not executable and everything else is executable.
  • Everything else; arm, m68k, mips, pc532, sh3, sparc (sun, sun4c), vax: No support. The hardware does not differentiate execute vs. data accesses, so anything readable to a process as data is executable by the process as code.
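
The granularity rule above can be modelled to audit a process layout for memory that was mapped without PROT_EXEC but that the hardware would still execute. This is an added example, not NetBSD code: the struct, the function names and the addresses in `sample` are constructed for illustration, and the layout is an assumption, not NetBSD's actual address-space layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>                 /* PROT_READ, PROT_WRITE, PROT_EXEC */

/* A mapping as the process requested it (model only, not a kernel structure). */
struct mapping { uint64_t start, end; int prot; };   /* covers [start, end) */
/* Constructed layout: text and heap share one 256MB segment, the stack does not. */
static const struct mapping sample[] = {
    { 0x01800000, 0x01810000, PROT_READ | PROT_EXEC  },  /* text  */
    { 0x01900000, 0x01920000, PROT_READ | PROT_WRITE },  /* heap  */
    { 0x7fff0000, 0x80000000, PROT_READ | PROT_WRITE },  /* stack */
};

/* Does any PROT_EXEC mapping overlap the hardware unit [lo, hi)? */
static int unit_has_exec(const struct mapping *m, size_t n, uint64_t lo, uint64_t hi) {
    for (size_t i = 0; i < n; i++)
        if ((m[i].prot & PROT_EXEC) && m[i].start < hi && m[i].end > lo)
            return 1;
    return 0;
}

/* The rule: one executable page makes its whole unit executable (unit = power of two). */
int effectively_executable(const struct mapping *m, size_t n, uint64_t unit, uint64_t addr) {
    uint64_t lo = addr & ~(unit - 1);
    return unit_has_exec(m, n, lo, lo + unit);
}

/* Bytes mapped without PROT_EXEC that the hardware would still execute. */
uint64_t exposed_bytes(const struct mapping *m, size_t n, uint64_t unit) {
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (m[i].prot & PROT_EXEC) continue;
        for (uint64_t lo = m[i].start & ~(unit - 1); lo < m[i].end; lo += unit) {
            uint64_t a = lo > m[i].start ? lo : m[i].start;
            uint64_t b = lo + unit < m[i].end ? lo + unit : m[i].end;
            if (unit_has_exec(m, n, lo, lo + unit))
                total += b - a;
        }
    }
    return total;
}

int main(void) {
    printf("exposed bytes: 4KB pages %llu, 256MB segments %llu\n",
        (unsigned long long)exposed_bytes(sample, 3, 4096),
        (unsigned long long)exposed_bytes(sample, 3, 0x10000000));
    return 0;
}
```

With page granularity nothing is exposed; with 256MB segments the constructed heap becomes executable because it shares a segment with the text mapping, while the stack segment stays non-executable.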

Generated from %NetBSD: non-exec.xml,v 1.4 2005/05/05 08:08:57 hrs Exp %
Copyright © 1994-2005 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.