> This is very good news! How does it work? How did you install? CD?
> I used to run Linux on HPPA, before the disks died, but I had a lot of
> trouble with software being buggy on HPPA. No Stack made a lot of stuff
> crazy (ffcall, ffi, interpreters, brwosers) in any case a very fine memory
> bug finding machine :) And very safe for servers, no stack-protection
> needed! I mourn HPPA.
I think you are deluded. The stack orientation on hppa makes any kind of
stack protection pointless, not because it is safe, but because it is
trivial to bypass.
Consider this:
#include <string.h>
void bogus_routine(char *);
int
main()
{
char buf[128];
bogus_routine(buf);
return 0;
}
void
bogus_routine(char *buf)
{
memset(buf, 0xff, 128 + 40);
}
bogus_routine() will happily overwrite the return address - which is on
the stack *beyond* buf. In this simple case, it will simply cause a
segmentation fault and a core dump because the address is not valid.
Now imagine bogus_routine() is not in your program, but in a shared
library from a huge third-party software known for frequent
vulnerabilities (for example, lib<your favorite image format>). A
malicious input passed to a function in such a library could overwrite
the return stack with a carefully crafted return address and make your
innocent image viewer misbehave in many ways.
