From owner-freebsd-security Tue Jul 21 16:05:43 1998
Return-Path:
Received: (from majordom@localhost)
	by hub.freebsd.org (8.8.8/8.8.8) id QAA05758
	for freebsd-security-outgoing; Tue, 21 Jul 1998 16:05:43 -0700 (PDT)
	(envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gatekeeper.alcatel.com.au (gatekeeper.alcatel.com.au [203.17.66.1])
	by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA05748
	for ; Tue, 21 Jul 1998 16:05:37 -0700 (PDT)
	(envelope-from peter.jeremy@alcatel.com.au)
Received: from mfg1.cim.alcatel.com.au ("port 4294"@[139.188.23.1])
	by gatekeeper.alcatel.com.au (PMDF V5.1-7 #U2695)
	with ESMTP id <01IZP21SUVSW0002MK@gatekeeper.alcatel.com.au>
	for security@FreeBSD.ORG; Wed, 22 Jul 1998 09:04:32 +1000
Received: from gsms01.alcatel.com.au
	by cim.alcatel.com.au (PMDF V5.1-10 #U2695)
	with ESMTP id <01IZP21Q6LE8JK9R2L@cim.alcatel.com.au>;
	Wed, 22 Jul 1998 09:04:28 +1000
Received: (from jeremyp@localhost)
	by gsms01.alcatel.com.au (8.8.8/8.7.3) id JAA28032;
	Wed, 22 Jul 1998 09:04:27 +1000 (EST)
Date: Wed, 22 Jul 1998 09:04:27 +1000 (EST)
From: Peter Jeremy
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
To: snar@paranoia.ru
Cc: security@FreeBSD.ORG
Message-id: <199807212304.JAA28032@gsms01.alcatel.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 22 Jul 1998 01:31:20 +0400, Alexandre Snarskii wrote:
>On Mon, Jul 20, 1998 at 02:30:33PM -0700, Don Lewis wrote:
>> In the situations where I've used code compiled this way, it seems
>> to average about a factor of 20 more expensive in terms of CPU usage.
>
>Strange result. Program, which does nothing but 100.000 strcpy's
>works _six_ times slower with bounds checking, but not 20...

It's strongly dependent on which strcpy was used:
1) If you use the strcpy in libc, then there's no bounds checking -
   all you get is that both the source and destination pointers are
   valid when strcpy is called.
2) The bounds checking library includes a strcpy which is bounds
   checking aware - it explicitly checks the source string and
   destination buffer for validity and compatibility and then performs
   the copy without further checks.
3) If you wrote your own strcpy, then each time you copy a character,
   both the source and destination pointers will be checked.

Six times is about right for the second case.  I got about 200 times
for the third case.

Peter
--
Peter Jeremy (VK2PJ)            peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                  Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015           Fax:   +61 2 9690 5247

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
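
Added example, not part of the message above and not code from the bounds-checking compiler it discusses: a small C model that counts how many bounds checks cases 2 and 3 perform for the same copy. The struct obj bookkeeping and all function names are hypothetical; it counts checks and does not measure CPU time.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of an object the checker tracks (assumption). */
struct obj { char *base; size_t size; };

static unsigned long checks;            /* bounds checks performed so far */

/* One check: does offset off fall inside object o? */
static int in_obj(const struct obj *o, size_t off) {
    checks++;
    return off < o->size;
}

/* Case 2: checking-aware strcpy. Validate both objects once, then copy
   with no further per-byte checks. Returns 0, or -1 if it would overflow. */
int aware_strcpy(struct obj *dst, const struct obj *src) {
    const char *nul = memchr(src->base, '\0', src->size);
    checks++;                           /* source terminated inside its object? */
    if (nul == NULL) return -1;
    size_t need = (size_t)(nul - src->base) + 1;
    checks++;                           /* destination large enough? */
    if (need > dst->size) return -1;
    memcpy(dst->base, src->base, need);
    return 0;
}

/* Case 3: hand-written loop; every dereference is checked. */
int naive_strcpy(struct obj *dst, const struct obj *src) {
    for (size_t i = 0; ; i++) {
        if (!in_obj(src, i) || !in_obj(dst, i)) return -1;
        dst->base[i] = src->base[i];
        if (src->base[i] == '\0') return 0;
    }
}

/* Run one copy, store its status in *rc, return the number of checks. */
unsigned long count_checks(int aware, struct obj *dst,
                           const struct obj *src, int *rc) {
    checks = 0;
    *rc = aware ? aware_strcpy(dst, src) : naive_strcpy(dst, src);
    return checks;
}
```

The per-call version costs a constant number of checks however long the string is, while the per-character loop costs two checks per byte copied; both refuse the copy before writing past the destination.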