From: "Allen Smith" <easmith@beatrice.rutgers.edu>
Message-Id: <9809251726.ZM5725@beatrice.rutgers.edu>
Date: Fri, 25 Sep 1998 17:26:32 -0400
In-Reply-To: Alexandre Snarskii "Re: The 99,999-bug question: Why can you execute from the stack?" (Sep 18, 12:25pm)
References: <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org> <9807192209.ZM23527@beatrice.rutgers.edu> <19980720173800.17978@nevalink.ru> <9809171619.ZM23712@beatrice.rutgers.edu> <19980918202308.39458@nevalink.ru>
To: Alexandre Snarskii, Warner Losh
Cc: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?

On Sep 18, 12:25pm, Alexandre Snarskii (possibly) wrote:
> The library which checks stack integrity only for the
> setugid/root-owned cases is now called libparanoia.N.N-root.tgz,
> where N.N is a version. Note that these checks are
> a little broken by design - there are some daemons
> (tftpd, for example) running non-setuid and with euid!=0,
> so no checks of stack integrity are done.
I've done a bit of a redesign of it, which after testing I'll make
available - it's a very minor change, which basically has the
libparanoia version always doing the checks and the libc version only
doing the checks if the geteuid & issetugid checks turn out possibly
problematic. (An #ifdef LIBPARANOIA is about all this is... I'm not
much of a C programmer.)

> > Sorry about the delay on replying to this; I've been busy. While this
> > is a nicer way to do this in many ways, I am concerned in whether the
> > delay from calling the libparanoia checks is from the function call or
> > from what the function does. If the latter, fine; if the former, the
> > problem I was working on (avoiding the slowdown except when really
> > needed) still exists. Any idea which is the case? (Of course, there's
>                         ^^^^^^^^^^^^^^^^^^^^^^^^^^
> Second one.

Excellent.

> > also the time taken in doing the issetugid and geteuid checks in
> > either case, whether one has them in the individual functions or in
>
> This check is done only once - at the first call to any 'insecure'
> function. The result is stored in a global static variable and used
> in later calls to avoid switching to kernel mode.

Hmm... right. Good design.

Thanks,
	-Allen
--
Allen Smith easmith@beatrice.rutgers.edu
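The gating pattern the thread settles on (probe the process's privilege once, cache the answer in a static, and have the libparanoia build check unconditionally via an #ifdef) can be shown in a few lines. The code below is an added illustration written for this archive page, not libparanoia's own source. It assumes a hypothetical checked copy routine, paranoid_copy, as a stand-in for the library's "insecure" string functions; the real library performs stack-integrity checks, which this example does not attempt to reproduce, and instead uses a simple destination-size check so the gating logic can be exercised. On FreeBSD the probe uses issetugid(); elsewhere it falls back to comparing real and effective ids, which is an approximation.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Cached result of the privilege probe:
 * -1 = not probed yet, 0 = checks not needed, 1 = checks needed. */
static int checks_state = -1;

/* How many times the kernel was actually consulted (to show the
 * "once only" property; not part of the design being described). */
static int probe_count = 0;

/* One trip to the kernel: is this process setuid/setgid or running as root? */
static int probe_privilege(void)
{
    probe_count++;
#ifdef __FreeBSD__
    /* issetugid(2) reports whether the process image is tainted by setuid/setgid. */
    if (issetugid())
        return 1;
#else
    /* Assumed portable fallback: real/effective id mismatch as a setugid signal. */
    if (getuid() != geteuid() || getgid() != getegid())
        return 1;
#endif
    return geteuid() == 0;
}

/* Decide whether the expensive checks run. The libparanoia build always
 * checks; the libc build probes once and reuses the cached answer. */
int checks_enabled(void)
{
#ifdef LIBPARANOIA
    return 1;
#else
    if (checks_state < 0)
        checks_state = probe_privilege();
    return checks_state;
#endif
}

int probe_calls(void)
{
    return probe_count;
}

/* Hypothetical checked copy: with checks on, refuse a copy that would not
 * fit in dst (size dstsize); with checks off, behave like plain strcpy.
 * Returns 0 on success, -1 if the check rejected the copy. */
int paranoid_copy(char *dst, size_t dstsize, const char *src)
{
    if (checks_enabled()) {
        if (strlen(src) + 1 > dstsize)
            return -1;
    }
    strcpy(dst, src);
    return 0;
}

int main(void)
{
    char buf[8];
    int first = checks_enabled();
    int second = checks_enabled();
    printf("checks enabled: %d (probe consulted kernel %d time(s), "
           "same answer both calls: %s)\n",
           first, probe_calls(), first == second ? "yes" : "no");
    printf("copy of \"hello\" into 8 bytes: %d\n",
           paranoid_copy(buf, sizeof buf, "hello"));
    if (checks_enabled())
        printf("oversized copy rejected: %d\n",
               paranoid_copy(buf, sizeof buf, "this string is too long"));
    return 0;
}
```

Compile with -DLIBPARANOIA to get the always-check variant the thread mentions; without it, the probe runs exactly once per process no matter how many checked calls follow, which is the point of caching the answer in a static rather than calling geteuid/issetugid from every wrapper.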