Peter Jones <[EMAIL PROTECTED]> writes: >> Would be alright if we could enable execute permission only on the specific >> pages needed (as known by GCC)? GCC provides an ENABLE_EXECUTE_STACK macro, >> but it seems that is not currently used on Linux. It is used on the various >> BSDs. > > It would be functional, but again we'd have security concerns. > > Sure, we're maybe being a little paranoid, but "they" really are out to > get us, and being paranoid has worked very well for us so far.
Wouldn't it be possible to use some other memory than the stack to implement trampolines? It's documented quite well: http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html Anyways, my primary concerns are making things work and moving forwards to something that is releasable. Making GRUB work in a way so it works like everyone wants is secondary and not possible in practice. Paranoid security is secondary to me, but if we can get it for free without making a mess of the code, that would be great. -- Marco _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel