[Swarm-Support] executable code on the stack (revisited)

[Gary Polhill]

Hi,

A while ago I put a message to Swarm Support about gcc putting executable code 
on the stack, because sysadmins had disabled this on a machine that needed 
Swarm putting on it for security reasons 
(http://www.swarm.org/pipermail/support/1999-May/006024.html). The replies I 
got were largely to the effect that the sysadmins were being paranoid and that 
doing anything about it would be a lot of hassle. In the end I persuaded them 
to disable the security fix on the machine I needed to run Swarm on, but now I 
have to run a different model on a 10 CPU Sun box and there is *no way* they 
are going to disable any security features on 0.5M GBP worth of kit!

These problems all related to an earlier version of Swarm (1.0.2 & 1.4.1) and 
gcc (2.7.2 & 2.8.1), so it may be that they no longer apply. If they do:

1. As I recall, Swarm uses something called closures (nested functions), and 
this is what was causing gcc to put executable code on the stack 
(http://www.swarm.org/pipermail/support/1999-May/006026.html). The advantage is 
that the nested function inherits all the local variables of the enclosing 
function. (Please correct me if I'm wrong!) So, theoretically speaking, could 
the problem be fixed by taking the nested functions outside of their enclosing 
functions and giving them more arguments? Where, and how often do the Swarm 
libraries do this anyway? Do any of the Swarm needed-software packages do it as 
well?

2. I thought nested functions were something fairly standard in C. Do all C 
compilers put executable code on the stack to implement this? Does the C 
language really stipulate something that requires a breach of security? 

Looking forward to any replies...

Gary


Gary Polhill
Research Scientist
The Macaulay Institute
Craigiebuckler
Aberdeen AB15 8QH
UK
Tel: +(44) (0)1224 498200 Ext 2238
Fax: +(44) (0)1224 311556
e-mail: address@hidden
http://www.macaulay.ac.uk/
http://www.macaulay.ac.uk/fearlus/