From owner-freebsd-security  Sun Jul 19 14:38:26 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA25541
          for freebsd-security-outgoing; Sun, 19 Jul 1998 14:38:26 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hotjobs.com (fs3.ny.genx.net [206.64.4.82])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id OAA25534
          for <security@FreeBSD.ORG>; Sun, 19 Jul 1998 14:38:24 -0700 (PDT)
          (envelope-from perlsta@fs3.ny.genx.net)
Received: (qmail 28997 invoked by uid 1288); 19 Jul 1998 21:37:07 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 19 Jul 1998 21:37:07 -0000
Date: Sun, 19 Jul 1998 17:37:07 -0400 (EDT)
From: Alfred <perlsta@fs3.ny.genx.net>
To: Brett Glass <brett@lariat.org>
cc: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
In-Reply-To: <199807192047.OAA02264@lariat.lariat.org>
Message-ID: <Pine.SOL.4.00.9807191735350.28070-100000@fs3.ny.genx.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

there was a thread about this just a week ago, it was something to do with
signals and threads.  and breakage of some ancient programs.

-Alfred

also there was just an announcement about some package to "self-check"
executables for stack corruption.

On Sun, 19 Jul 1998, Brett Glass wrote:

> We're going to be spending about a man-month rebuilding a complex system
> that was hacked due to a buffer overflow exploit. Looking back at our
> system log files, I can see exactly how the hack was done and how the
> perpetrator was able to get root.
> 
> What I CAN'T understand is why FreeBSD allows the hack to occur. Why on
> Earth would one want to allow code to be executed from the stack? The Intel
> segmentation model normally prevents this, and there's additional hardware
> in the MMU that's supposed to be able to preclude it. Why does the OS leave
> this gigantic hole open? Why not just close it?
> 
> --Brett Glass
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message