From owner-freebsd-security Wed Aug 30 00:42:55 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id AAA16296
          for security-outgoing; Wed, 30 Aug 1995 00:42:55 -0700
Received: from critter.tfs.com ([140.145.230.252])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id AAA16278
          for ; Wed, 30 Aug 1995 00:42:33 -0700
Received: from localhost (localhost [127.0.0.1])
          by critter.tfs.com (8.6.11/8.6.9) with SMTP id AAA00551;
          Wed, 30 Aug 1995 00:40:05 -0700
X-Authentication-Warning: critter.tfs.com: Host localhost didn't use HELO protocol
To: "Jonathan M. Bresler"
cc: Bruce Evans , security@freebsd.org
Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
In-reply-to: Your message of "Tue, 29 Aug 1995 19:23:36 EDT."
Date: Wed, 30 Aug 1995 00:40:04 -0700
Message-ID: <549.809768404@critter.tfs.com>
From: Poul-Henning Kamp
Sender: security-owner@freebsd.org
Precedence: bulk

> On Wed, 30 Aug 1995, Bruce Evans wrote:
>
> > >from a quick perusal of the syslog.c that we have in -stable, i'd say
> > >that FreeBSD is vulnerable to this attack. our syslog has fixed size
> > >buffers and uses sprintf to write to them. should be changed to
> > >snprintf--a quick perusal says that should do the trick
> >
> > >shades of rtm
> >
> > Anyone for execute-protected data by default if the machine can support
> > it? Programs that want to execute data should have to request it and
> > everything else would be more secure.
>
> the segment descriptors support the text (code) vs data
> identification. this would be a big win regarding security (and writing
> to wild pointers that hit your own code segment ;)

Why didn't we think of that before ?

I don't think I have ever seen a program execute anything in the datasegment,
so we should have little trouble with this...

--
Poul-Henning Kamp           | phk@FreeBSD.ORG     FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk  Private mailbox.
whois: [PHK]                | phk@ref.tfs.com     TRW Financial Systems, Inc.
Just that: dried leaves in boiling water ?
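
The sprintf-to-snprintf change proposed in the quoted text, as an added example that is not part of the original message and is not FreeBSD's syslog.c: `append`, `format_log_line` and the buffer sizes are hypothetical. It also shows the return-value check needed when one fixed-size line is built from several bounded writes, since snprintf returns the length it wanted to write, not the length it wrote.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Append formatted text to buf[cap] at *off. Returns 0 if it fit, 1 if it
 * was truncated. Invariant: *off <= cap - 1, so room is never zero. */
static int append(char *buf, size_t cap, size_t *off, const char *fmt, ...)
{
    va_list ap;
    size_t room = cap - *off;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf + *off, room, fmt, ap);
    va_end(ap);
    if (n < 0) { buf[*off] = '\0'; return 1; }
    if ((size_t)n >= room) {   /* n is the wanted length: clamp, don't add */
        *off = cap - 1;
        return 1;
    }
    *off += (size_t)n;
    return 0;
}

/* Hypothetical helper: build "<pri>tag: msg" in out[cap]. Returns 0 if the
 * whole line fit, 1 if it was cut. msg is passed as data, never as format. */
int format_log_line(char *out, size_t cap, int pri, const char *tag,
                    const char *msg)
{
    size_t off = 0;
    int cut;

    if (cap == 0) return 1;
    out[0] = '\0';
    cut  = append(out, cap, &off, "<%d>", pri);
    cut |= append(out, cap, &off, "%s: ", tag);
    cut |= append(out, cap, &off, "%s", msg);
    return cut;
}

int main(void)
{
    char line[24];   /* constructed: small on purpose to force truncation */
    const char *longmsg = "constructed message longer than the buffer";
    int cut = format_log_line(line, sizeof line, 13, "su", longmsg);
    printf("%s (truncated=%d)\n", line, cut);
    return 0;
}
```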