From owner-freebsd-security Sun Jul 19 15:18:21 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id PAA01706
    for freebsd-security-outgoing; Sun, 19 Jul 1998 15:18:21 -0700 (PDT)
    (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA01701
    for ; Sun, 19 Jul 1998 15:18:19 -0700 (PDT)
    (envelope-from brett@lariat.org)
Received: (from brett@localhost)
    by lariat.lariat.org (8.8.8/8.8.8) id QAA03542;
    Sun, 19 Jul 1998 16:17:49 -0600 (MDT)
Message-Id: <199807192217.QAA03542@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Sun, 19 Jul 1998 16:17:45 -0600
To: Alfred
From: Brett Glass
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Cc: security@FreeBSD.ORG
In-Reply-To:
References: <199807192047.OAA02264@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It could be a kernel option: "Turn off at your own risk."

--Brett

At 05:37 PM 7/19/98 -0400, Alfred wrote:
>there was a thread about this just a week ago, it was something to do with
>signals and threads. and breakage of some ancient programs.
>
>-Alfred
>
>also there was just an announcement about some package to "self-check"
>executables for stack corruption.
>
>On Sun, 19 Jul 1998, Brett Glass wrote:
>
>> We're going to be spending about a man-month rebuilding a complex system
>> that was hacked due to a buffer overflow exploit. Looking back at our
>> system log files, I can see exactly how the hack was done and how the
>> perpetrator was able to get root.
>>
>> What I CAN'T understand is why FreeBSD allows the hack to occur. Why on
>> Earth would one want to allow code to be executed from the stack? The Intel
>> segmentation model normally prevents this, and there's additional hardware
>> in the MMU that's supposed to be able to preclude it. Why does the OS leave
>> this gigantic hole open? Why not just close it?
>>
>> --Brett Glass
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe security" in the body of the message
>>
>