From owner-freebsd-hackers  Thu Sep 10 18:11:14 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA13018
          for freebsd-hackers-outgoing; Thu, 10 Sep 1998 18:11:14 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA13011
          for <freebsd-hackers@FreeBSD.ORG>; Thu, 10 Sep 1998 18:11:09 -0700 (PDT)
          (envelope-from grog@freebie.lemis.com)
Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137])
	by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id KAA03390;
	Fri, 11 Sep 1998 10:41:05 +0930 (CST)
Received: (from grog@localhost)
	by freebie.lemis.com (8.9.1/8.9.0) id KAA13983;
	Fri, 11 Sep 1998 10:40:50 +0930 (CST)
Message-ID: <19980911104050.B13960@freebie.lemis.com>
Date: Fri, 11 Sep 1998 10:40:50 +0930
From: Greg Lehey <grog@lemis.com>
To: Warner Losh <imp@village.org>, freebsd-hackers@FreeBSD.ORG
Subject: Re: syscalls and the stack
References: <199809100235.UAA08517@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <199809100235.UAA08517@harmony.village.org>; from Warner Losh on Wed, Sep 09, 1998 at 08:35:29PM -0600
WWW-Home-Page: http://www.lemis.com/~grog
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wednesday,  9 September 1998 at 20:35:29 -0600, Warner Losh wrote:
>
> Question:
> 	do system calls need to be made from the executable stack? 

No.  That's why copyin() and copyout() exist.

> If this were disallowed, what would break?

Who knows?  I think the official answer is "nothing", but I'm sure
that some code uses pointers instead of copying the data.

> 	I know that a system like this wouldn't give total security,
> but it seems that at the cost of a few instructions per system call
> (which could be disabled, if you wanted), one could stop the smash the
> stack attacks cold.  This would have the same vulnerabilities as the
> Solar Designer patches for Linux.  However, a door that takes extra
> care to open is better than no door at all...

Yes, it would definitely help.  There's also an i386 call gate
function, which effectively performs some copies for you.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message