Request for review [new bug](S): Stack guard pages are no more protected after loading a shared library with executable stack.

Dmitry Samersoff Dmitry.Samersoff at
Wed Oct 26 07:32:04 PDT 2011


On 2011-10-26 17:58, Florian Weimer wrote:
> * Goetz Lindenmaier:
>> This problem exists since 7019808, which adds -z noexecstack to the
>> linker command on linux.

Default SE Linux policy prevents library with executable stack being
loaded.  As far as jvm doesn't execute a code on the stack since 1.4.2
it sounds reasonable (and secure) to mark stack as not executable.

In most case executable stack is not necessary now days. The only case
in my memory, where executable stack is really necessary - code using
nested functions, as gcc generate trampolines on the stack.

Goetz, is it your case?


Dmitry Samersoff
Java Hotspot development team, SPB04
* There will come soft rains ...

More information about the hotspot-runtime-dev mailing list