Date:      Thu, 17 Sep 1998 14:29:50 -0600
From:      Warner Losh <imp@village.org>
To:        "Allen Smith" <easmith@beatrice.rutgers.edu>
Cc:        Alexandre Snarskii <snar@paranoia.ru>, security@FreeBSD.ORG
Subject:   Re: The 99,999-bug question: Why can you execute from the stack? 
Message-ID:  <199809172029.OAA19373@harmony.village.org>
In-Reply-To: Your message of "Thu, 17 Sep 1998 16:19:52 EDT." <9809171619.ZM23712@beatrice.rutgers.edu> 
References:  <9809171619.ZM23712@beatrice.rutgers.edu>  <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org> <imp@village.org> <9807192209.ZM23527@beatrice.rutgers.edu> <19980720173800.17978@nevalink.ru> 

In message <9809171619.ZM23712@beatrice.rutgers.edu> "Allen Smith" writes:
: Sorry about the delay on replying to this; I've been busy. While this
: is a nicer way to do this in many ways, I am concerned about whether the
: delay from calling the libparanoia checks is from the function call or 
: from what the function does. If the latter, fine; if the former, the
: problem I was working on (avoiding the slowdown except when really
: needed) still exists. Any idea which is the case? (Of course, there's
: also the time taken in doing the issetugid and geteuid checks in
: either case, whether one has them in the individual functions or in
: stentry.c.) If need be, I'll try some profiling, but I'd prefer to
: avoid that if someone already knows the answer.

There is something called StackGuard that is available that does
something similar to all functions that libparanoia does for str*.  It
places "canaries" in the stack frame and uses them to detect
overflows.  They claim there is little or no measurable slowdown.  I'm
playing with this in my spare time and will report back when I have
something to say.

Warner
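
The canary idea mentioned in the message above, as an added example (not part of the original e-mail and not StackGuard's code). It models a stack frame as a struct so the overflow stays inside memory the program owns; the struct layout, CANARY_VALUE, RET_VALUE and the function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: local buffer, canary, return address. */
struct frame {
    char      buf[16];
    uintptr_t canary;
    uintptr_t saved_ret;
};

#define CANARY_VALUE ((uintptr_t)0x000aff0dUL) /* constructed value for this demo */
#define RET_VALUE    ((uintptr_t)0x1000UL)     /* constructed "return address" */

/* Stand-in for an unchecked str* copy into buf. The length is clamped to the
 * frame object so the demo itself never writes outside memory it owns. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, src, n); /* buf is the first member, so this starts at buf[0] */
}

/* Simulate one call that copies n input bytes. Returns 1 if the epilogue
 * canary check passes, 0 if an overflow was detected; *ret_intact reports
 * whether the saved return address survived. */
int simulate_call(size_t n, int *ret_intact)
{
    unsigned char input[sizeof(struct frame)];
    struct frame f = { {0}, CANARY_VALUE, RET_VALUE }; /* "prologue" */
    memset(input, 'A', sizeof input);                  /* constructed input */
    unchecked_copy(&f, input, n);
    *ret_intact = (f.saved_ret == RET_VALUE);
    return f.canary == CANARY_VALUE; /* "epilogue" check before returning */
}

int main(void)
{
    size_t sizes[] = { 16, 17, sizeof(struct frame) };
    int ret_ok;
    for (int i = 0; i < 3; i++) {
        int ok = simulate_call(sizes[i], &ret_ok);
        printf("%zu bytes: canary %s, return address %s\n", sizes[i],
               ok ? "intact" : "smashed", ret_ok ? "intact" : "overwritten");
    }
    return 0;
}
```

A linear overflow out of buf has to cross the canary before it reaches the return address, so the one-byte overrun is already flagged while the return address is still intact.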
