Ripples from Stack Clash
Posted Jun 29, 2017 7:05 UTC (Thu) by vegard (subscriber, #52330)
In reply to: Ripples from Stack Clash by cesarb
Parent article: Ripples from Stack Clash
Are you referring to page fault exceptions, which is a hardware feature different from C++ exceptions? I'm pretty sure it's the same on Linux, and you can even handle those by handling SIGSEGV and/or SIGBUS.
> I doubt it was an intentional security feature on part of the Windows designers; it was probably a side effect of the design of its virtual memory subsystem,
I don't know, I think one-page-at-a-time expansion is a more sane design from the outset. I mean, for sure they didn't have the current Linux userspace exploits in mind, but I don't find it unthinkable that there was at the very least a vaguely security-related concern behind their design.
I don't think we should assume by default that Windows got something right only because of a "lucky design choice"; that's a bit disingenuous.
Posted Jun 29, 2017 9:39 UTC (Thu) by farnz (subscriber, #17727)
Windows has had a userspace exception mechanism in all Win32 versions. The Windows kernel won't grow stacks automatically; instead, if you want a stack to grow, you set up a guard page, which will trigger a Guard Page Violation exception when touched (instead of the normal Page Fault exception), and then automatically put the page you set up when you configured the guard page into place.
This lets you map in a new guard page, ready for the next step of growth.
Posted Jun 29, 2017 13:55 UTC (Thu) by felixfix (subscriber, #242)
What if the local var which expands the stack is a multi-page array which is populated randomly?
Posted Jun 29, 2017 22:22 UTC (Thu) by kmeyer (subscriber, #50720)
