Date: Thu, 17 Sep 1998 14:29:50 -0600 From: Warner Losh <imp@village.org> To: "Allen Smith" <easmith@beatrice.rutgers.edu> Cc: Alexandre Snarskii <snar@paranoia.ru>, security@FreeBSD.ORG Subject: Re: The 99,999-bug question: Why can you execute from the stack? Message-ID: <199809172029.OAA19373@harmony.village.org> In-Reply-To: Your message of "Thu, 17 Sep 1998 16:19:52 EDT." <9809171619.ZM23712@beatrice.rutgers.edu> References: <9809171619.ZM23712@beatrice.rutgers.edu> <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org> <imp@village.org> <9807192209.ZM23527@beatrice.rutgers.edu> <19980720173800.17978@nevalink.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <9809171619.ZM23712@beatrice.rutgers.edu> "Allen Smith" writes: : Sorry about the delay on replying to this; I've been busy. While this : is a nicer way to do this in many ways, I am concerned in whether the : delay from calling the libparanoia checks is from the function call or : from what the function does. If the latter, fine; if the former, the : problem I was working on (avoiding the slowdown except when really : needed) still exists. Any idea which is the case? (Of course, there's : also the time taken in doing the issetugid and geteuid checks in : either case, whether one has them in the individual functions or in : stentry.c.) If need be, I'll try some profiling, but I'd prefer to : avoid that if someone already knows the answer. There is something called StackGuard that is available that does something similar to all functions that libparanoia does for str*. It places "canaries" in the stack frame and uses them to detect overflows. They claim there is little or no measurable slowdown. I'm playing with this in my spare time and will report back when I have something to say. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809172029.OAA19373>