Date:      Fri, 25 Sep 1998 17:26:32 -0400
From:      "Allen Smith" <easmith@beatrice.rutgers.edu>
To:        Alexandre Snarskii <snar@paranoia.ru>, Warner Losh <imp@village.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID:  <9809251726.ZM5725@beatrice.rutgers.edu>
In-Reply-To: Alexandre Snarskii <snar@paranoia.ru>   "Re: The 99,999-bug question: Why can you execute from the stack?" (Sep 18, 12:25pm)
References:  <199807200102.SAA07953@bubba.whistle.com>  <199807200148.TAA07794@harmony.village.org>  <imp@village.org>  <9807192209.ZM23527@beatrice.rutgers.edu>  <19980720173800.17978@nevalink.ru>  <snar@paranoia.ru>  <9809171619.ZM23712@beatrice.rutgers.edu>  <19980918202308.39458@nevalink.ru>

On Sep 18, 12:25pm, Alexandre Snarskii (possibly) wrote:
> Library, which checks stack integrity only for cases
> of setugid/root owned, is now called libaranoia.N.N-root.tgz,
> where N.N is a version. Note that these checks are
> a little broken by design - there are some daemons
> (tftpd, for example) running non-setuid and with euid!=0,
> so no checks of stack integrity are done.

I've done a bit of a redesign of it, which after testing I'll make
available - it's a very minor change, which basically has the
libparanoia version always doing the checks and the libc version only
doing the checks if the geteuid & issetugid checks turn out possibly
problematic. (An #ifdef LIBPARANOIA is about all this is... I'm not
much of a C programmer.)

> > 
> > Sorry about the delay on replying to this; I've been busy. While this
> > is a nicer way to do this in many ways, I am concerned in whether the
> > delay from calling the libparanoia checks is from the function call or 
> > from what the function does. If the latter, fine; if the former, the
> > problem I was working on (avoiding the slowdown except when really
> > needed) still exists. Any idea which is the case? (Of course, there's
>                         ^^^^^^^^^^^^^^^^^^^^^^^^^^
> Second one. 

Excellent.

> > also the time taken in doing the issetugid and geteuid checks in
> > either case, whether one has them in the individual functions or in
> 
> This check is done only once - at the first call to any 'insecure'
> function. The result is stored in a global static variable and used
> in later calls to avoid switching to kernel mode.

Hmm... right. Good design.

	Thanks,

	-Allen

-- 
Allen Smith				easmith@beatrice.rutgers.edu
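The gating the two posters describe (the libparanoia build always runs the checks; the libc build asks geteuid and issetugid once, on the first call to any guarded function, and keeps the answer in a global static so later calls never re-enter the kernel), sketched in C as an added illustration. This is not code from libparanoia or from either poster; the names `checks_needed_for`, `stack_checks_enabled`, `guarded_strlen` and the probe counter are assumptions made for the example. issetugid() exists only on the BSDs, so on other hosts the block falls back to comparing real and effective ids, which is only an approximation of what issetugid() reports.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Policy from the thread: the expensive stack-integrity checks are wanted
 * when the process is set-user/group-ID or runs with effective uid 0.
 * Written as a pure function of its inputs so it can be exercised without
 * changing the ids of the running process. */
int checks_needed_for(uid_t euid, int is_setugid)
{
    return is_setugid || euid == 0;
}

/* How many times the kernel has actually been asked; exposed so a caller
 * (or a test) can confirm the probe runs only once per process. */
static int probe_count = 0;

/* -1: not yet decided, 0: skip the checks, 1: run them. Global static, as
 * the thread describes, so that later calls reuse the cached answer. */
static int cached_decision = -1;

static int process_is_setugid(void)
{
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
    return issetugid();          /* the BSD primitive discussed in the thread */
#else
    /* Assumption for non-BSD hosts: approximate issetugid() by comparing
     * real and effective ids. This misses a process that has already
     * dropped privileges, which is precisely why the BSDs added issetugid(). */
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

int stack_checks_enabled(void)
{
#ifdef LIBPARANOIA
    /* The standalone libparanoia build always checks. */
    return 1;
#else
    /* The libc build decides once, on the first call to any guarded
     * function, and reuses the answer from then on. */
    if (cached_decision < 0) {
        probe_count++;
        cached_decision = checks_needed_for(geteuid(), process_is_setugid());
    }
    return cached_decision;
#endif
}

int stack_checks_probe_count(void) { return probe_count; }

/* Forget the cached decision (useful for tests; a real process never does this). */
void stack_checks_reset_cache(void)
{
    cached_decision = -1;
    probe_count = 0;
}

/* Example of a guarded libc-style function: the stack-integrity check
 * itself is out of scope here and would sit where the comment is. */
size_t guarded_strlen(const char *s)
{
    if (stack_checks_enabled()) {
        /* stack-integrity verification would run here */
    }
    size_t n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

int main(void)
{
    printf("checks enabled: %d\n", stack_checks_enabled());
    guarded_strlen("abc");
    guarded_strlen("def");
    printf("kernel probed %d time(s)\n", stack_checks_probe_count());
    return 0;
}
```

Note what the gate does not cover: a daemon that is neither set-id nor running with euid 0 (the tftpd case Alexandre raises) gets a cached answer of 0, so none of its guarded calls are checked; that is the "broken by design" limitation of the root/setugid-only build, not a bug in the caching.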
	



