From owner-freebsd-security Tue Jul 21 15:29:18 1998
Message-Id: <199807212231.QAA28673@harmony.village.org>
To: Alexandre Snarskii
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Cc: Don Lewis, Archie Cobbs, Brett Glass, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 22 Jul 1998 01:31:20 +0400." <19980722013120.32585@nevalink.ru>
References: <19980722013120.32585@nevalink.ru> <199807202130.OAA27539@salsa.gv.tsc.tdk.com>
Date: Tue, 21 Jul 1998 16:31:16 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG

In message <19980722013120.32585@nevalink.ru> Alexandre Snarskii writes:
: You got the named with _total_ bounds checking.
: With correct bounds checking only on some functions
: (strcpy/sprintf/strcat et al, which gets the 95% buffer
: overflows since Internet worm) my named works just fine.

Purify, on Sparcs, runs at 2.0x the time and 1.5x the memory. Unless the 1.5x memory requirement pushes you into thrashing mode.

Alexandre is right that adding this checking will help. Won't catch everything, but it will catch many things.

The more of these things that happen, the more I think that some of these stop-gap measures may be warranted to buy time for a more comprehensive solution. However, I worry that with stop gaps in place, no comprehensive solution would be forthcoming.

Warner