From owner-freebsd-security@FreeBSD.ORG  Tue Aug 12 04:15:39 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B747037B401
	for <security@freebsd.org>; Tue, 12 Aug 2003 04:15:39 -0700 (PDT)
Received: from cirb503493.alcatel.com.au
	(c211-28-27-130.belrs2.nsw.optusnet.com.au [211.28.27.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8039C43F3F
	for <security@freebsd.org>; Tue, 12 Aug 2003 04:15:31 -0700 (PDT)
	(envelope-from PeterJeremy@optushome.com.au)
Received: from cirb503493.alcatel.com.au (localhost.alcatel.com.au
	[127.0.0.1])h7CBFRgh066983;	Tue, 12 Aug 2003 21:15:27 +1000 (EST)
	(envelope-from jeremyp@cirb503493.alcatel.com.au)
Received: (from jeremyp@localhost)
	by cirb503493.alcatel.com.au (8.12.8/8.12.8/Submit) id h7CBFNX5066982;
	Tue, 12 Aug 2003 21:15:23 +1000 (EST)
Date: Tue, 12 Aug 2003 21:15:23 +1000
From: Peter Jeremy <PeterJeremy@optushome.com.au>
To: "Devon H. O'Dell" <dodell@sitetronics.com>
Message-ID: <20030812111522.GA66788@cirb503493.alcatel.com.au>
References: <20030812085617.GA407@FreeBSD.org>
	<003501c360b0$6dad9970$9f8d2ed5@internal>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <003501c360b0$6dad9970$9f8d2ed5@internal>
User-Agent: Mutt/1.4.1i
cc: security@freebsd.org
Subject: Re: realpath(3) et al
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Aug 2003 11:15:40 -0000

On Tue, Aug 12, 2003 at 11:02:16AM +0200, Devon H. O'Dell wrote:
>Features such as a protected stack should, IMO, be implemented as soon as
>possible to keep FreeBSD heads-afloat right now in the security sense....
>OpenBSD has implemented this already and there are many patches for Linux to
>do the same... why don't we go ahead and shove some of this code into CVS?

By "protected" I presume you mean "non-executable".  Whilst making the
stack non-executable is trivial, making the system still work isn't.
I believe the FreeBSD signal handling still relies on a signal
trampoline on the stack.  Some ports also expect an executable stack
(most commonly lisp implementations).

Some years ago, I tried implementing a non-executable stack on a
Solaris box.  Interleaf promptly stopped working so I had to undo the
change.

Peter