*BSD News Article 17256
Newsgroups: comp.os.386bsd.bugs
Path: sserve!newshost.anu.edu.au!munnari.oz.au!constellation!osuunx.ucc.okstate.edu!moe.ksu.ksu.edu!ux1.cso.uiuc.edu!howland.reston.ans.net!math.ohio-state.edu!caen!destroyer!cs.ubc.ca!unixg.ubc.ca!acs.ucalgary.ca!cpsc.ucalgary.ca!xenlink!fsa.ca!deraadt
From: deraadt@fsa.ca (Theo de Raadt)
Subject: Re: Catching References to address 0
In-Reply-To: wjolitz@soda.berkeley.edu's message of 14 Jun 1993 17:37:24 GMT
Message-ID: <DERAADT.93Jun14195414@newt.fsa.ca>
Sender: news@fsa.ca
Nntp-Posting-Host: newt.fsa.ca
Organization: little lizard city
References: <1vid0k$p4n@agate.berkeley.edu>
Date: Tue, 15 Jun 1993 02:54:14 GMT
Lines: 46

In article <1vid0k$p4n@agate.berkeley.edu> wjolitz@soda.berkeley.edu (William F. Jolitz) writes:
>    I noticed that someone had posted a kernel mod to catch indirections
>    through 0 as a different file format. I've had strong disagreements
>    with that approach when Donn Seely created it at BSDI, since it's
>    unnecessarily overly specific for a new object file format.
> 
>    There's nothing worse than N different versions of the same stupid
>    object file format, straining a.out a little bit more in yet another
>    direction. This is as usual short sighted, and only useful as a quick
>    hack. BSD suffers from too many of such quick hacks.
> 
>    May I suggest a different approach. Don't rush to change the kernel
>    when you can exploit the features of user mode to the same end. Here's
>    an example:
> 
>    Let's say you want a debugging feature to catch indirections through 0,
>    and other absolute references.  Why not use the system's existing
>    memory management facilities?
> 
>    How? Why not bump up the size of the run time start-up, and protect it
>    from access by the program. This can be done with two lines in the run
>    time start-off, creating a "hcrt0.o" or "hole" C run time start off:
<patch deleted>
>    Note that in some cases with large data structures (like databases and
>    window systems), you can have structure references that span the 4096
>    byte size of a page. It's possible to alter this larger on demand for
>    such occasions. Also, I've found that absolute program references of
>    addresses from low valued integer constants sometimes do occur, so
>    mapping really high can be useful.
> 
>    If one still feels the need for better executable file format (and
>    a.out leaves much to be desired), may I suggest that one spend time
>    either implementing ELF or something like it and doing "real" work
>    instead of short term hacks. They are better dealt with by exploiting
>    what is already present in the system.

Note that doing it in this way effectively locks you out of ever supporting
NMAGIC or OMAGIC executables with the same crt0 stub.

There's no argument though that ZMAGIC should have had its first page
protected a long time ago. There's a bunch of other things that are
also useful, and I believe ntohl(magic) numbers to be one, and have
that code working...
 <tdr.
--
This space not left unintentionally unblank.		deraadt@fsa.ca
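The user-mode technique Jolitz describes above, as an added example that is not part of the original post and is neither his "hcrt0.o" patch nor anything from 386BSD: a region is reserved with mmap(2) and then made inaccessible with mprotect(2), so that any indirection into it raises SIGSEGV, which a handler installed with sigaction(2) catches and reports via si_addr. The example assumes a Linux/POSIX system and, because current kernels refuse to map page zero (vm.mmap_min_addr on Linux), places the hole at an mmap'd address rather than at 0; the names page_size, make_hole, probe and hole_catches_access are hypothetical. It also covers the caveat in the post that a structure reference spanning the 4096-byte page escapes a one-page hole, by trying the same access against holes of one and two pages.

```c
/* Added example: a "hole" guard region that catches stray indirections,
 * modelled on the crt0 trick described in the post. Not 386BSD code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover_ctx;
static volatile sig_atomic_t fault_seen;
static void *volatile fault_addr;

/* Fault handler: record the faulting address (si_addr) and unwind to probe(). */
static void on_fault(int sig, siginfo_t *si, void *uctx)
{
    (void)sig; (void)uctx;
    fault_seen = 1;
    fault_addr = si->si_addr;
    siglongjmp(recover_ctx, 1);
}

size_t page_size(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    return pg > 0 ? (size_t)pg : 4096;   /* assumption: fall back to 4K pages */
}

/* Build the hole: map hole_pages + 1 pages read/write, then revoke all access
 * to the first hole_pages. The extra trailing page stays readable so an access
 * landing just past the hole demonstrably completes instead of faulting. */
static char *make_hole(size_t hole_pages)
{
    size_t pg = page_size();
    char *base = mmap(NULL, (hole_pages + 1) * pg, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base, hole_pages * pg, PROT_NONE) != 0) {
        munmap(base, (hole_pages + 1) * pg);
        return NULL;
    }
    return base;
}

/* Read one byte at base + off with SIGSEGV/SIGBUS trapped.
 * Returns 1 if the read faulted at exactly that address, 0 if it completed. */
static int probe(char *base, size_t off)
{
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);    /* some systems report PROT_NONE hits as SIGBUS */

    fault_seen = 0;
    fault_addr = NULL;
    if (sigsetjmp(recover_ctx, 1) == 0) {
        volatile char *p = base + off;
        char c = *p;                      /* faults if p lies inside the hole */
        (void)c;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return fault_seen && (char *)fault_addr == base + off;
}

/* One trial: a hole of hole_pages pages, then an access at byte offset off.
 * Returns 1 if the hole caught it, 0 if the access slipped past the hole,
 * -1 if the mapping could not be set up. */
int hole_catches_access(size_t hole_pages, size_t off)
{
    char *base = make_hole(hole_pages);
    if (!base)
        return -1;
    int caught = probe(base, off);
    munmap(base, (hole_pages + 1) * page_size());
    return caught;
}

int main(void)
{
    size_t pg = page_size();
    printf("p->field at +8,      1-page hole: %s\n", hole_catches_access(1, 8) ? "caught" : "missed");
    printf("p->field at +pg+8,   1-page hole: %s\n", hole_catches_access(1, pg + 8) ? "caught" : "missed");
    printf("p->field at +pg+8,   2-page hole: %s\n", hole_catches_access(2, pg + 8) ? "caught" : "missed");
    return 0;
}
```

The first access stands in for a plain `p->field` through a null-ish pointer and is caught by a single-page hole; the second stands in for a field more than one page into a large structure, which a one-page hole misses but a two-page hole catches, which is exactly why the post suggests sizing the hole larger for database or window-system code. A real crt0 would of course do the mprotect() on the program's own first page rather than on an anonymous mapping.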