Message-Id: <199809172029.OAA19373@harmony.village.org>
To: "Allen Smith"
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Cc: Alexandre Snarskii, security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 17 Sep 1998 16:19:52 EDT." <9809171619.ZM23712@beatrice.rutgers.edu>
References: <9809171619.ZM23712@beatrice.rutgers.edu>
    <199807200102.SAA07953@bubba.whistle.com>
    <199807200148.TAA07794@harmony.village.org>
    <9807192209.ZM23527@beatrice.rutgers.edu>
    <19980720173800.17978@nevalink.ru>
Date: Thu, 17 Sep 1998 14:29:50 -0600
From: Warner Losh

In message <9809171619.ZM23712@beatrice.rutgers.edu> "Allen Smith" writes:
: Sorry about the delay on replying to this; I've been busy. While this
: is a nicer way to do this in many ways, I am concerned in whether the
: delay from calling the libparanoia checks is from the function call or
: from what the function does. If the latter, fine; if the former, the
: problem I was working on (avoiding the slowdown except when really
: needed) still exists. Any idea which is the case? (Of course, there's
: also the time taken in doing the issetugid and geteuid checks in
: either case, whether one has them in the individual functions or in
: stentry.c.) If need be, I'll try some profiling, but I'd prefer to
: avoid that if someone already knows the answer.

There is something called StackGuard that is available that does
something similar to all functions that libparanoia does for str*. It
places "canaries" in the stack frame and uses them to detect overflows.
They claim there is little or no measurable slowdown.

I'm playing with this in my spare time and will report back when I
have something to say.

Warner
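
The canary mechanism described in the message above, as an added example that is not part of the original message and is not StackGuard's code: a C model of one stack frame in which a canary word sits between a local buffer and the saved return address and is checked before the function returns. The frame layout, the canary and return-address values, and all function names are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modeled frame layout (an assumption of this sketch), low to high address:
 * [ buf: 16 bytes ][ canary: 4 bytes ][ saved return address: 4 bytes ] */
enum { BUF_LEN = 16, CANARY_OFF = 16, RET_OFF = 20, FRAME_LEN = 24 };

static const uint32_t CANARY = 0x000aff0dU;    /* constructed value */
static const uint32_t SAVED_RET = 0x08048123U; /* constructed value */

/* "Prologue": lay out the frame with the canary guarding the return slot. */
static void frame_enter(unsigned char *frame)
{
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + CANARY_OFF, &CANARY, sizeof CANARY);
    memcpy(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET);
}

/* Stand-in for an unchecked str*-style copy into buf. It ignores BUF_LEN;
 * the only clamp is FRAME_LEN, so the simulation itself stays in bounds. */
static void unchecked_copy(unsigned char *frame, const char *src, size_t n)
{
    if (n > FRAME_LEN)
        n = FRAME_LEN;
    memcpy(frame, src, n);
}

/* "Epilogue": returns 1 if the canary is intact, 0 if it was overwritten. */
static int frame_leave_ok(const unsigned char *frame)
{
    return memcmp(frame + CANARY_OFF, &CANARY, sizeof CANARY) == 0;
}

/* Run one call through the model; returns 1 if it may return, 0 if aborted. */
static int simulate_call(const char *input, size_t n)
{
    unsigned char frame[FRAME_LEN];
    frame_enter(frame);
    unchecked_copy(frame, input, n);
    return frame_leave_ok(frame);
}

int main(void)
{
    printf("8 bytes:  %s\n", simulate_call("AAAAAAAA", 8) ? "return" : "abort");
    printf("24 bytes: %s\n",
           simulate_call("AAAAAAAAAAAAAAAAAAAAAAAA", 24) ? "return" : "abort");
    return 0;
}
```

A copy that stays within the 16-byte buffer leaves the canary untouched; a copy even one byte longer changes it, so the overflow is caught before the saved return address would be used.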