Hi Wilco,

On Wednesday, 12.12.2018, at 22:04 +0000, Wilco Dijkstra wrote:
> Hi Martin,
> 
> > Does a non-executable stack actually improve security?
> 
> Absolutely, it's like closing your front door rather than just leaving it open
> for anyone.

The question is whether it is like closing the front door
while leaving a window open. It makes it harder to
exploit a system but does not really prevent it.

> > For the alternative implementation using (custom) function
> > descriptors (-fno-trampolines) the static chain becomes
> > part of the ABI or not?
> 
> I've not seen such an alternative implementation (-fno-trampolines is
> ignored on all targets I tried),

It was implemented for Ada. But here is a patch to also
activate it for C:

https://gcc.gnu.org/ml/gcc-patches/2018-12/msg00853.html

With this patch one can use nested functions in C without
having an executable stack.

> but it wouldn't affect the ABI since you can
> only take the address of a nested function when you're
> the parent function.

But you can pass the address to another function. Without
trampolines, this other function needs to call the nested
function directly using the right ABI.

Best,
Martin
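
A check related to the thread above, as an added example that is not part of the original message: when GCC uses stack trampolines for nested functions, the linked ELF file requests an executable stack through the flags of its PT_GNU_STACK program header, and this sketch reads that flag. It handles ELF64 little-endian only; `stack_is_executable` and `make_sample` are hypothetical names, and the sample images are constructed inline.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags


def stack_is_executable(elf: bytes):
    """Return True/False from PT_GNU_STACK, or None if the header is absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if elf[4] != 2 or elf[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    # e_phoff is at offset 32; e_phentsize and e_phnum are at offsets 54 and 56.
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(e_phnum):
        # Elf64_Phdr begins with p_type (4 bytes) followed by p_flags (4 bytes).
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None  # no PT_GNU_STACK: the platform default applies


def make_sample(stack_flags):
    """Constructed image: ELF64 header, one PT_LOAD, optional PT_GNU_STACK."""
    phdrs = [(1, 5)]  # PT_LOAD with R+X
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                    for t, f in phdrs)
    return header + body


if __name__ == "__main__":
    for label, flags in (("RW stack", 6), ("RWX stack", 7), ("no header", None)):
        print(label, "->", stack_is_executable(make_sample(flags)))
```

To check a real binary, pass the bytes of the file, for example `stack_is_executable(open(path, "rb").read())`.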
