Why is execstack required to execute code on the heap?

by

The real “unexpected” behavior is that setting the flag makes the heap executable as well as the stack. The flag is intended for use with executables that generate stack-based thunks (such as gcc when you take the address of a nested function) and shouldn’t really affect the heap. But Linux implements this by globally making ALL readable pages executable.

If you want finer-grained control, you could instead use the mprotect system call to control executable permissions on a per-page basis — Add code like:

uintptr_t pagesize = sysconf(_SC_PAGE_SIZE);
#define PAGE_START(P) ((uintptr_t)(P) & ~(pagesize-1))
#define PAGE_END(P)   (((uintptr_t)(P) + pagesize - 1) & ~(pagesize-1))
mprotect((void *)PAGE_START(shellcode), PAGE_END(shellcode+67) - PAGE_START(shellcode),
         PROT_READ|PROT_WRITE|PROT_EXEC);

More Related Contents:

  1. Removing trailing newline character from fgets() input
  2. Modulo operation with negative numbers
  3. C undefined behavior. Strict aliasing rule, or incorrect alignment? [duplicate]
  4. Order of local variable allocation on the stack
  5. What is the meaning of lines starting with a hash sign and number like ‘# 1 “a.c”‘ in the gcc preprocessor output?
  6. Undefined reference to `pow’ and `floor’
  7. Adding leading underscores to assembly symbols with GCC on Win32?
  8. What is the difference between C, C99, ANSI C and GNU C?
  9. aligned malloc() in GCC?
  10. Why didn’t gcc (or glibc) implement _s functions?
  11. How to access C variable for inline assembly manipulation?
  12. GCC fatal error: stdio.h: No such file or directory
  13. How to check if a given file descriptor stored in a variable is still valid?
  14. Why doesn’t GCC optimize structs?
  15. Detecting 64bit compile in C
  16. How to make gcc link strong symbol in static library to overwrite weak symbol?
  17. C preprocessor: expand macro in a #warning
  18. multi-word addition using the carry flag
  19. What is the default C -std standard version for the current GCC (especially on Ubuntu)?
  20. Inline assembly that clobbers the red zone
  21. Why “initializer element is not a constant” is… not working anymore?
  22. GCC 4.7 Source Character Encoding and Execution Character Encoding For String Literals?
  23. Tool to analyze size of ELF sections and symbol
  24. Process Linkage Table and Global Offset Table
  25. Why both clang and gcc only give a warning when there is a space after backslash if C standard says that whitespace is forbidden?
  26. Compiler changes printf to puts
  27. Error: initializer element is not computable at load time
  28. Override weak symbols in static library
  29. What is the effect of second argument in _builtin_prefetch()?
  30. Declaring an array of negative length

Leave a Comment