From owner-freebsd-security  Sun Jul 19 15:04:05 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA29703
          for freebsd-security-outgoing; Sun, 19 Jul 1998 15:04:05 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA29684
          for <security@FreeBSD.ORG>; Sun, 19 Jul 1998 15:04:01 -0700 (PDT)
          (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
	by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id AAA10777
	for security@FreeBSD.ORG; Mon, 20 Jul 1998 00:03:42 +0200 (CEST)
	(envelope-from roberto@keltia.freenix.fr)
Received: (from roberto@localhost)
        by keltia.freenix.fr (8.9.0.Beta4/keltia-2.14/nospam) id XAA09116
        for security@FreeBSD.ORG; Sun, 19 Jul 1998 23:55:32 +0200 (CEST)
        (envelope-from roberto)
Message-ID: <19980719235532.A8630@keltia.freenix.fr>
Date: Sun, 19 Jul 1998 23:55:32 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Mail-Followup-To: security@FreeBSD.ORG
References: <199807192047.OAA02264@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93i
In-Reply-To: <199807192047.OAA02264@lariat.lariat.org>; from Brett Glass on Sun, Jul 19, 1998 at 02:47:25PM -0600
X-Operating-System: FreeBSD 3.0-CURRENT ctm#4462 AMD-K6 MMX @ 225 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Brett Glass:
> segmentation model normally prevents this, and there's additional hardware
> in the MMU that's supposed to be able to preclude it. Why does the OS leave
> this gigantic hole open? Why not just close it?

As it has been said several times already, gcc itself make code on the
stack a bit difficult to forbid. It generates code on the stack for
"trampolines".
-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #61: Sun Jul 12 14:38:23 CEST 1998

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message