Date: Tue, 21 Jul 1998 13:01:27 +1000 (EST)
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
To: Don.Lewis@tsc.tdk.com
Cc: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <199807210301.NAA10787@gsms01.alcatel.com.au>
On Mon, 20 Jul 1998 14:30:33 -0700, Don Lewis <Don.Lewis@tsc.tdk.com> wrote:
>In the situations where I've used code compiled this way, it seems
>to average about a factor of 20 more expensive in terms of CPU usage.

I have used this code in the past, and that sounds about right.

>If this is acceptable to you, feel free to get the GCC patches and
>recompile userland (or at least those pieces that are compatible
>with the bounds checker). See
><http://www-dse.doc.ic.ac.uk/~rj3/bounds-checking.html>.

Note that this code is getting fairly old and doesn't appear to be
maintained. I am aware of the following undocumented bugs with it:

- str[n]casecmp() doesn't work when either string contains characters
  with the MSB set (I have submitted patches to fix this).
- side-effects in multi-dimensional array references are evaluated
  multiple times. In particular `foo[y++][x]' increments y by 2.
  (I can see why this is occurring, but I haven't been able to work
  out how to cleanly fix it).

Given the (documented) restrictions relating to signal handlers and
setjmp/longjmp, together with the second bug above, I don't believe
it's usable as a general-purpose debugging tool. I think this is
unfortunate, because it can be very useful.

Peter
--
Peter Jeremy (VK2PJ)                    peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA NSW 2015                     Fax:   +61 2 9690 5247
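As an added example (not part of the message or of the bounds-checking patches), the two undocumented bugs Peter lists can be turned into a small conformance check: a correct compiler and libc evaluate the `y++` in `foo[y++][x]` exactly once, and str[n]casecmp() treats identical strings containing MSB-set bytes as equal. The function names and the 0xE9 sample byte are constructed for this check.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Count how many times the side effect in a 2-D array index runs.
 * A conforming compiler returns 1; the bounds checker discussed in the
 * message was reported to return 2 for this pattern. */
int index_side_effect_count(void)
{
    int grid[4][4] = {{0}};
    int y = 0, x = 1;

    grid[y++][x] = 7;      /* y must be 1 afterwards, not 2 */
    return y;
}

/* Return 1 if str[n]casecmp() compares two identical strings that contain
 * a byte with the MSB set (constructed sample: 0xE9, Latin-1 e-acute) as
 * equal, 0 if either call disagrees. */
int casecmp_handles_msb(void)
{
    const char a[] = { 'C', 'a', 'f', (char)0xE9, '\0' };
    const char b[] = { 'c', 'A', 'F', (char)0xE9, '\0' };

    return strcasecmp(a, b) == 0 && strncasecmp(a, b, 4) == 0;
}

int main(void)
{
    printf("foo[y++][x] incremented y by %d (expected 1)\n",
           index_side_effect_count());
    printf("str[n]casecmp with MSB-set bytes: %s\n",
           casecmp_handles_msb() ? "ok" : "BROKEN");
    return 0;
}
```

Build the program with the compiler under test and compare the printed values against the expected ones; any deviation reproduces one of the bugs named above.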