From: Niall Smart
Date: Tue, 21 Jul 1998 10:39:29 +0100
To: Brett Glass
CC: Alexandre Snarskii, Warner Losh, Archie Cobbs, security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?

Brett Glass wrote:
>
> Waitaminnit. Intel installed, IN THE x86 CHIPS WE ARE NOW USING, special
> hardware designed to guard against these exploits. The mechanisms
> they designed are called "segments" and "call gates" (among other
> things). And what do we do? We turn it off. In fact, Intel sees
> so few people using these vital features that it doesn't bother
> to speed them up in new CPU models, as they do other parts of
> the chip.
>
> In short, the hackers who want slightly more convenient "flat"
> address spaces have contributed in devastating ways to the problems
> we have now.

Eh?
Call gates are entry points to different privilege levels. I don't
see how you intend to use them to stop the problem of the buffer
overflow. The primary reason for their existence is to provide OS
developers with the ability to layer the OS so that the TCP/IP stack
can't munge the VM's data structures, for example.

Niall