Virtual Machines and Memory Protections
Posted Nov 24, 2006 2:05 UTC (Fri) by bluefoxicy
In reply to: Virtual Machines and Memory Protections
Parent article: Virtual Machines and Memory Protections
You have a PROCESS context; however, a process.. let's say /bin/cat.. has libraries it uses. Any code in those libraries is running in that process' context. So if mysql uses libc6, then libc6 code is run with mysql's privileges; while if eye of gnome uses libc6, libc6 code is being executed with the user's privileges.
Look at Exec Shield even. Libraries like libgcrypt11 are marked needing an executable stack; this causes half of GNOME as well as Gaim and Firefox to have an executable stack because they use libgcrypt11. Once this was fixed in Ubuntu, a large number of programs suddenly didn't have an executable stack anymore. It's not like the stack is only executable when libgcrypt11 tries to execute it; if libpng tries to execute code on the stack and normally fails, it'll succeed just because libgcrypt11 is linked to the application.
Short version: Unix/POSIX/Linux can only distinguish between PROCESSES, not CODE. (limitation of the CPU in many, many cases)
to post comments)