From owner-freebsd-security Mon Jul 20 14:32:17 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA18791 for freebsd-security-outgoing; Mon, 20 Jul 1998 14:32:17 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gatekeeper.tsc.tdk.com (root@gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA18778 for ; Mon, 20 Jul 1998 14:32:14 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id OAA15282; Mon, 20 Jul 1998 14:30:35 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id OAA03728; Mon, 20 Jul 1998 14:30:34 -0700 (PDT)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id OAA27539; Mon, 20 Jul 1998 14:30:33 -0700 (PDT)
From: Don Lewis
Message-Id: <199807202130.OAA27539@salsa.gv.tsc.tdk.com>
Date: Mon, 20 Jul 1998 14:30:33 -0700
In-Reply-To: Alexandre Snarskii "Re: The 99,999-bug question: Why can you execute from the stack?" (Jul 20, 3:29pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Alexandre Snarskii, Warner Losh, Archie Cobbs
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Cc: Brett Glass, security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Jul 20, 3:29pm, Alexandre Snarskii wrote:
} Subject: Re: The 99,999-bug question: Why can you execute from the stack?
} On Sun, Jul 19, 1998 at 07:48:30PM -0600, Warner Losh wrote:
} > Another high cost option would be to have a purify/checker-like
} > functionality compiled into everything and cause a segv or some other
} > generally fatal signal. This would solve all the overflows, but again
} > at a huge price.
}
} At huge computing price. Measured in seconds, spent by processor
} to perform needed computing.

It may be worse than that. In a desperate attempt to track down a bug in BIND, I recompiled it with the bounds-checking version of gcc. On a fairly zippy machine, it took about half an hour to load a few zones with a total of a few hundred hosts. Under light query load it was gobbling about 30% of the CPU.

In the situations where I've used code compiled this way, it seems to average about a factor of 20 more expensive in terms of CPU usage. If this is acceptable to you, feel free to get the GCC patches and recompile userland (or at least those pieces that are compatible with the bounds checker). See .

--- Truck

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
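The message above attributes the factor-of-20 slowdown to the checks a bounds-checking compiler inserts around every pointer store. As an added illustration, not code from this thread, from BIND, or from the gcc bounds-checking patches, the C below hand-rolls that instrumentation for a string copy so the per-byte cost becomes countable, and puts it beside the cheap one-time length check a programmer would write by hand. The names bc_store_ok, copy_checked, copy_prechecked and the bc_checks counter are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not from the thread, BIND, or the gcc patches).
 * A bounds-checking compiler wraps every store through a pointer in a
 * check against the target object's bounds.  bc_checks counts how many
 * such checks ran, i.e. the extra work the instrumentation adds on top
 * of the copy itself. */
static unsigned long bc_checks = 0;

unsigned long bc_check_count(void) { return bc_checks; }
void bc_reset(void) { bc_checks = 0; }

/* One emulated compiler-inserted check: is dst[idx] inside [dst, dst+cap)? */
static int bc_store_ok(size_t idx, size_t cap)
{
    bc_checks++;
    return idx < cap;
}

/* Copy src into dst (capacity cap) byte by byte, checking every store as
 * the instrumented binary would.  Returns the number of bytes written
 * (including the NUL) on success, or -1 when a store would have landed
 * past dst[cap-1]; that byte is never written, which is the overflow the
 * checker turns into a fatal signal instead of silent stack corruption. */
long copy_checked(char *dst, size_t cap, const char *src)
{
    size_t i = 0;
    for (;; i++) {
        if (!bc_store_ok(i, cap))
            return -1;            /* checker would raise SIGSEGV here */
        dst[i] = src[i];
        if (src[i] == '\0')
            return (long)(i + 1);
    }
}

/* The cheap alternative: one length check up front instead of one per
 * byte.  Same outcome for this function, but only if the programmer
 * remembers to write it; the compiler-inserted version needs no such care,
 * which is what the thread is weighing against its CPU cost. */
long copy_prechecked(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src) + 1;   /* bytes needed, including NUL */
    if (n > cap)
        return -1;
    memcpy(dst, src, n);
    return (long)n;
}
```

Copying a 5-character string into an 8-byte buffer costs 6 checks (one per byte written, NUL included); copying a 10-character string stops at the ninth check with nothing written past the buffer. The prechecked form pays one strlen and one compare regardless of length, which is why the per-store approach is so much more expensive on a workload like zone loading.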