From owner-freebsd-performance@FreeBSD.ORG Thu Jun 26 15:09:14 2003 Return-Path: Delivered-To: freebsd-performance@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3961D37B401 for ; Thu, 26 Jun 2003 15:09:14 -0700 (PDT) Received: from stoneport.math.uic.edu (stoneport.math.uic.edu [131.193.178.160]) by mx1.FreeBSD.org (Postfix) with SMTP id 8CD8343FCB for ; Thu, 26 Jun 2003 15:09:13 -0700 (PDT) (envelope-from djb-dsn-1056665385.75399@cr.yp.to) Received: (qmail 75400 invoked by uid 1017); 26 Jun 2003 22:09:45 -0000 Date: 26 Jun 2003 22:09:45 -0000 Message-ID: <20030626220945.75399.qmail@cr.yp.to> Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html. From: "D. J. Bernstein" To: freebsd-performance@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: sacrificing performance for confusion X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2003 22:09:14 -0000 > Using VMM protection to forbid code execution within the DATA, BSS, heap, > and stack (if one can) mitigates against a common class of problems-- I don't believe you. Show me a real program that's (1) vulnerable if data/bss/heap/stack are executable and (2) invulnerable otherwise. Yes, attacks are often written to take advantage of executable stacks; but, in every case I've investigated, the programs would still have been vulnerable with non-executable stacks. ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago