Date: Tue, 21 Jul 1998 16:31:16 -0600
From: Warner Losh <imp@village.org>
To: Alexandre Snarskii <snar@paranoia.ru>
Cc: Don Lewis <Don.Lewis@tsc.tdk.com>, Archie Cobbs <archie@whistle.com>, Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <199807212231.QAA28673@harmony.village.org>
In-Reply-To: Your message of "Wed, 22 Jul 1998 01:31:20 +0400." <19980722013120.32585@nevalink.ru>
References: <19980722013120.32585@nevalink.ru> <snar@paranoia.ru> <199807202130.OAA27539@salsa.gv.tsc.tdk.com>

In message <19980722013120.32585@nevalink.ru> Alexandre Snarskii writes:
: You got the named with _total_ bounds checking.
: With correct bounds checking only on some functions
: (strcpy/sprintf/strcat et al, which gets the 95% buffer
: overflows since Internet worm ) my named works just fine.

Purify, on Sparcs, run at 2.0x the time and 1.5x the memory. Unless the 1.5x memory requirement pushes you into thrashing mode.

Alexandre is right that adding this checking will help. Won't catch everything, but it will catch many things.

The more of these things that happen, the more I think that some of these stop-gap measures may be warranted to buy time for a more comprehensive solution. However, I worry that with stop gaps in place, that no comprehensive solution would be forthcoming.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807212231.QAA28673>
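
Added example, not part of the original message and not code from either poster: one way per-function checking of strcpy/strcat/sprintf can look when the destination size is passed explicitly. The `chk_*` names, the explicit `cap` parameter and the sample hostname are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical chk_* wrappers (not libc functions): each takes the
 * destination capacity and returns -1 instead of writing past it. */
int chk_strcpy(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (n >= cap) return -1;             /* need n bytes plus the NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

int chk_strcat(char *dst, size_t cap, const char *src) {
    const char *end = memchr(dst, '\0', cap);
    size_t n = strlen(src);
    if (end == NULL) return -1;          /* dst not terminated inside cap */
    size_t used = (size_t)(end - dst);
    if (n >= cap - used) return -1;      /* appended bytes plus NUL must fit */
    memcpy(dst + used, src, n + 1);
    return 0;
}

int chk_sprintf(char *dst, size_t cap, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);  /* never writes more than cap */
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {       /* output was truncated */
        if (cap > 0) dst[0] = '\0';
        return -1;
    }
    return n;
}

/* Constructed input: an oversized name aimed at a 16-byte buffer. */
int demo(void) {
    char buf[16];
    const char *name = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.invalid";
    int blocked = 0;
    blocked += chk_strcpy(buf, sizeof buf, name) == -1;
    chk_strcpy(buf, sizeof buf, "ns1.");
    blocked += chk_strcat(buf, sizeof buf, name) == -1;
    blocked += chk_sprintf(buf, sizeof buf, "host=%s", name) == -1;
    return blocked;                        /* all three calls refused */
}

int main(void) {
    printf("blocked %d of 3 oversized writes\n", demo());
    return 0;
}
```

A hand-written copy loop or a `memcpy` with a miscomputed length never passes through these wrappers, which is the "won't catch everything" case in the message.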