Date: Mon, 20 Jul 1998 00:23:22 +0200 From: sthaug@nethelp.no To: brett@lariat.org Cc: security@FreeBSD.ORG Subject: Re: The 99,999-bug question: Why can you execute from the stack? Message-ID: <26381.900887002@verdi.nethelp.no> In-Reply-To: Your message of "Sun, 19 Jul 1998 14:47:25 -0600" References: <199807192047.OAA02264@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> What I CAN'T understand is why FreeBSD allows the hack to occur. Why on > Earth would one want to allow code to be executed from the stack? The Intel > segmentation model normally prevents this, and there's additional hardware > in the MMU that's supposed to be able to preclude it. Why does the OS leave > this gigantic hole open? Why not just close it? As far as I remember part of the signal handling code (the trampoline code) executes off the stack. I believe it's nontrivial to fix this. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26381.900887002>