From owner-freebsd-performance@FreeBSD.ORG Thu Jun 26 20:06:02 2003
Delivered-To: freebsd-performance@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0553B37B401
	for ; Thu, 26 Jun 2003 20:06:02 -0700 (PDT)
Received: from stoneport.math.uic.edu (stoneport.math.uic.edu [131.193.178.160])
	by mx1.FreeBSD.org (Postfix) with SMTP id 534C043FEC
	for ; Thu, 26 Jun 2003 20:06:01 -0700 (PDT)
	(envelope-from djb-dsn-1056683193.18391@cr.yp.to)
Received: (qmail 18392 invoked by uid 1017); 27 Jun 2003 03:06:33 -0000
Date: 27 Jun 2003 03:06:33 -0000
Message-ID: <20030627030633.18391.qmail@cr.yp.to>
Automatic-Legal-Notices: See http://cr.yp.to/mailcopyright.html.
From: "D. J. Bernstein"
To: freebsd-performance@freebsd.org
References: <20030626220945.75399.qmail@cr.yp.to> <3EFB9C92.4010807@mac.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: Re: sacrificing performance for confusion
X-BeenThere: freebsd-performance@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Performance/tuning
X-List-Received-Date: Fri, 27 Jun 2003 03:06:02 -0000

Chuck Swiger writes:
> However, I will also acknowledge that it may be the case that it may be
> possible for code to work around a non-executable stack

In every case that I've investigated, not only is it definitely possible
to seize control of the process with limited exec, it's actually fairly
easy. Maybe there are counterexamples, but you obviously don't know any.

(Note to certain people making fools of themselves: that's ``seize
control,'' not ``kill.'')

If disabling x bits becomes popular, attackers will start working around
it, and we'll be back to where we are today. We need to stop the buffer
overflows (and other problems) from occurring in the first place.

Anyway, it seems unlikely that you believe that stack-x data-non-x makes
life any more difficult for the attacker than stack-x data-x; and you
obviously think that stack-non-x data-non-x would be the best situation.
So why do you object to merging the stack and data segments?

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago