
Re: [Xen-devel] OVMF/Xen, Debian wheezy can't boot with NX on stack (Was: Re: [edk2] [PATCH] OvmfPkg: prevent code execution from DXE stack)



>>> On 09.09.15 at 15:04, <lersek@xxxxxxxxxx> wrote:
> On 09/09/15 14:08, Jan Beulich wrote:
>>>>> On 09.09.15 at 12:48, <lersek@xxxxxxxxxx> wrote:
>> However, I would want to suggest an even more dynamic approach:
>> Assuming that within the core UEFI code it ought to be possible to
>> flip between executable and non-executable mapping of the stack,
>> and considering that PE headers can carry target version numbers,
>> how about reverting to an executable stack as long as there's at
>> least one binary loaded that isn't claiming to be 2.5 compatible?
> 
> This would require very intrusive changes (to be implemented by people
> other than me). Other concerns I have:
> 
> - I'm not sure if UEFI applications have any means to advertize what
>   revision of the specification they target. (As you mention.)

They can (as I said). Whether the image loader in UEFI actually
looks at the data today is another thing, as is whether everyone
makes sure their binaries say so.

And then again I realize that usually one would rather state the
minimum version required than that of the specification a binary
was built against, so perhaps the idea was a bad one anyway.

Jan
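Added example, not part of the message above and not edk2/OVMF code: a sketch of the "NX stack only if every loaded image claims 2.5" idea, including the case where a binary leaves the version fields unset. It assumes, hypothetically, that the claim would live in the PE optional header's MajorImageVersion/MinorImageVersion fields encoded as 2 and 5; the function names and the sample image builder are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* PE/COFF header fields are little-endian. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Reads MajorImageVersion/MinorImageVersion (optional header offsets 44/46,
 * identical for PE32 and PE32+). Returns 0 on success, -1 if malformed.
 * ASSUMPTION: these fields carry the UEFI revision the image targets. */
int pe_image_version(const uint8_t *img, size_t len, uint16_t *major, uint16_t *minor)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                   /* e_lfanew */
    if (pe > len || len - pe < 24 + 48) return -1;    /* sig + COFF + fields */
    if (memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    if (rd16(img + pe + 20) < 48) return -1;          /* SizeOfOptionalHeader */
    const uint8_t *opt = img + pe + 24;               /* optional header start */
    uint16_t magic = rd16(opt);
    if (magic != 0x10B && magic != 0x20B) return -1;  /* PE32 / PE32+ */
    *major = rd16(opt + 44);
    *minor = rd16(opt + 46);
    return 0;
}

/* Hypothetical policy: 1 = stack can stay non-executable, 0 = fall back to
 * an executable stack. Unparseable or unset (0.0) versions count as "no claim". */
int stack_may_be_nx(const uint8_t *const *imgs, const size_t *lens, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint16_t maj, min;
        if (pe_image_version(imgs[i], lens[i], &maj, &min) != 0) return 0;
        if (maj < 2 || (maj == 2 && min < 5)) return 0;
    }
    return 1;
}

/* Constructed sample input: minimal PE32+ header stub with a given version. */
size_t make_sample(uint8_t buf[256], uint16_t major, uint16_t minor)
{
    memset(buf, 0, 256);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x40;     /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x54] = 0xF0;                                 /* SizeOfOptionalHeader */
    buf[0x58] = 0x0B; buf[0x59] = 0x02;               /* magic 0x20B */
    buf[0x58 + 44] = (uint8_t)major; buf[0x58 + 45] = (uint8_t)(major >> 8);
    buf[0x58 + 46] = (uint8_t)minor; buf[0x58 + 47] = (uint8_t)(minor >> 8);
    return 256;
}
```

Under this policy a single image with zeroed version fields is enough to drop the protection for everything loaded alongside it.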

