Date:      Wed, 30 Aug 1995 00:40:04 -0700
From:      Poul-Henning Kamp <phk@critter.tfs.com>
To:        "Jonathan M. Bresler" <jmb@kryten.atinc.com>
Cc:        Bruce Evans <bde@zeta.org.au>, security@freebsd.org
Subject:   Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd) 
Message-ID:  <549.809768404@critter.tfs.com>
In-Reply-To: Your message of "Tue, 29 Aug 1995 19:23:36 EDT." <Pine.3.89.9508291953.B15948-0100000@kryten.atinc.com> 

> On Wed, 30 Aug 1995, Bruce Evans wrote:
> 
> > >from a quick perusal of the syslog.c that we have in -stable, i'd say 
> > >that FreeBSD is vulnerable to this attack.  our syslog has fixed size 
> > >buffers and uses sprintf to write to them.  should be changed to 
> > >snprintf--a quick perusal says that should do the trick
> > 
> > >shades of rtm
> > 
> > Anyone for execute-protected data by default if the machine can support
> > it?  Programs that want to execute data should have to request it and
> > everything else would be more secure.
> 
> 	the segment descriptors support the text (code) vs data 
> identification.  this would be a big win regarding security (and writing 
> to wild pointers that hit your own code segment ;)

Why didn't we think of that before ?

I don't think I have ever seen a program execute anything in the data segment,
so we should have little trouble with this...

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Just that: dried leaves in boiling water ?
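
The sprintf-to-snprintf change proposed in the quoted text, as an added example that is not part of the original message and is not FreeBSD's syslog.c. The buffer size, function names and "<pri>tag: msg" layout are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOGBUF_SIZE 64  /* assumed size, kept small so truncation is easy to see */

/* Pattern the thread describes: nothing limits the write, so a tag + msg
 * longer than the buffer runs past its end. Shown for contrast only. */
static int format_unbounded(char *buf, int pri, const char *tag, const char *msg)
{
    return sprintf(buf, "<%d>%s: %s", pri, tag, msg);
}

/* Bounded form: writes at most `size` bytes including the NUL terminator.
 * Returns the number of characters stored and sets *truncated when the
 * formatted message did not fit. */
static int format_bounded(char *buf, size_t size, int pri, const char *tag,
                          const char *msg, int *truncated)
{
    int n = snprintf(buf, size, "<%d>%s: %s", pri, tag, msg);
    if (n < 0 || size == 0) {       /* output error, or no room at all */
        if (size > 0) buf[0] = '\0';
        *truncated = (n >= 0);
        return 0;
    }
    *truncated = ((size_t)n >= size);
    return *truncated ? (int)(size - 1) : n;
}

/* Constructed test input: a 199-byte message aimed at a 64-byte buffer.
 * The guard word placed after the buffer must be unchanged afterwards. */
struct frame { char buf[LOGBUF_SIZE]; unsigned guard; };

static int long_message_stays_in_bounds(void)
{
    struct frame f;
    char msg[200];
    int truncated = 0;
    f.guard = 0xC0FFEEu;
    memset(msg, 'A', sizeof msg - 1);
    msg[sizeof msg - 1] = '\0';
    int n = format_bounded(f.buf, sizeof f.buf, 14, "demo", msg, &truncated);
    return n == LOGBUF_SIZE - 1 && truncated && f.guard == 0xC0FFEEu
        && strlen(f.buf) == LOGBUF_SIZE - 1;
}

int main(void)
{
    char buf[LOGBUF_SIZE];
    format_unbounded(buf, 14, "demo", "short message fits");
    printf("%s\nbounded ok: %d\n", buf, long_message_stays_in_bounds());
    return 0;
}
```

Callers should act on the truncation flag (for example by logging that the entry was cut), since snprintf silently drops the tail.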


