From: Greg Lehey <grog@lemis.com>
To: Warner Losh, freebsd-hackers@FreeBSD.ORG
Subject: Re: syscalls and the stack
Date: Fri, 11 Sep 1998 10:40:50 +0930
Message-ID: <19980911104050.B13960@freebie.lemis.com>
In-Reply-To: <199809100235.UAA08517@harmony.village.org>
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia

On Wednesday, 9 September 1998 at 20:35:29 -0600, Warner Losh wrote:
>
> Question:
> do system calls need to be made from the executable stack?

No. That's why copyin() and copyout() exist.

> If this were disallowed, what would break?

Who knows? I think the official answer is "nothing", but I'm sure that some code uses pointers instead of copying the data.
> I know that a system like this wouldn't give total security,
> but it seems that at the cost of a few instructions per system call
> (which could be disabled, if you wanted), one could stop the smash the
> stack attacks cold. This would have the same vulnerabilities as the
> Solar Designer patches for Linux. However, a door that takes extra
> care to open is better than no door at all...

Yes, it would definitely help. There's also an i386 call gate function, which effectively performs some copies for you.

Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key
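An added illustration of the copyin() point in the reply above; this is a constructed user-space model, not FreeBSD kernel code, and `sys_example`, `copyin_model` and the `user_mem` region are hypothetical. The handler never dereferences the caller's pointer: it copies the argument block into its own memory through a range-checked copy, so the block may live anywhere in mapped user memory (stack or not), and an address that is not wholly mapped is refused with EFAULT.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a process's user memory: a fixed byte array.
 * Anything outside it stands for an unmapped address. */
#define USER_SIZE 4096
static unsigned char user_mem[USER_SIZE];

/* Hypothetical argument block of a fictitious system call. */
struct sys_args {
    uint32_t fd;
    uint32_t len;
};

/* Model of copyin(): copy len bytes from a user address into kernel
 * memory; fail with EFAULT unless the whole range is mapped. */
static int copyin_model(uintptr_t uaddr, void *kaddr, size_t len)
{
    uintptr_t base = (uintptr_t)user_mem;
    if (uaddr < base || len > USER_SIZE || uaddr - base > USER_SIZE - len)
        return EFAULT;
    memcpy(kaddr, (const void *)uaddr, len);
    return 0;
}

/* Model of a syscall handler: the argument block is copied into a
 * kernel-side local before use. Returns the fd read, or -errno. */
static long sys_example(uintptr_t uargs)
{
    struct sys_args a;                 /* kernel stack copy */
    int error = copyin_model(uargs, &a, sizeof a);
    if (error != 0)
        return -error;
    return (long)a.fd;
}

/* Place an argument block at a user offset and invoke the handler;
 * any offset that fits works, stack-like or heap-like. */
static long call_from_user_offset(size_t off, uint32_t fd)
{
    struct sys_args a = { fd, 16 };
    if (off + sizeof a <= USER_SIZE)
        memcpy(user_mem + off, &a, sizeof a);
    return sys_example((uintptr_t)user_mem + off);
}

int main(void)
{
    printf("stack-like: %ld\n", call_from_user_offset(USER_SIZE - 64, 7));
    printf("heap-like:  %ld\n", call_from_user_offset(128, 3));
    printf("straddling end of user memory: %ld (EFAULT is %d)\n",
           call_from_user_offset(USER_SIZE - 4, 9), -EFAULT);
    return 0;
}
```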