From owner-freebsd-hackers Wed Feb 12 12:30:52 1997
Return-Path: 
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA24568 for hackers-outgoing; Wed, 12 Feb 1997 12:30:52 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA24563 for ; Wed, 12 Feb 1997 12:30:50 -0800 (PST)
Received: from burka.carrier.kiev.ua (snar@burka.carrier.kiev.ua [193.193.193.100]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id MAA07839 for ; Wed, 12 Feb 1997 12:30:32 -0800 (PST)
Received: (from snar@localhost) by burka.carrier.kiev.ua (8.8.4/8.who.cares.1) id WAA21544; Wed, 12 Feb 1997 22:23:15 +0200 (EET)
From: Alexander Snarskii 
Message-Id: <199702122023.WAA21544@burka.carrier.kiev.ua>
Subject: Re: Increasing overall security....
To: michaelh@cet.co.jp (Michael Hancock)
Date: Wed, 12 Feb 1997 22:23:14 +0200 (EET)
Cc: dk+@ua.net, snar@lucky.net, freebsd-hackers@FreeBSD.org
In-Reply-To: from "Michael Hancock" at Feb 12, 97 11:28:24 am
Content-type: text/plain; charset=koi8-r
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> > On Mon, 10 Feb 1997, Dmitry Kohmanyuk wrote:
> > > 'Why not rewrite those functions to check the stack integrity
> > > before return?' Oleg Panaschenko said some time ago, and after
> > > some reflection I found that this is not such a bad idea. Yes, we're
> > > getting some overhead by using these functions rather than
> > > the standard ones, but, as for me, this overhead is not so big,
> > > and the fact that I can sleep without nightmares about another
> > > stack overflow exploit is much more important to me.
> >
> > That's a very good idea. I don't understand the reasons of the other people
> > responding to this negatively.
>
> Speaking for myself. The author's original argument for this patch seemed
> to be because there was no "Theo" in the FreeBSD group. He was unaware of
> the current situation and I informed him.

The fact that "Theo" is not in the FreeBSD team was just one of my arguments :)

> To play devil's advocate...
>
> 1) It requires assembler which is harder to understand. Fewer people are
> qualified to review it. Relying on something harder to understand for
> security is questionable.

Yes, it is. But there are about 51 functions in the standard libc implemented
in assembler, so I think there is someone who wrote them and knows assembler
well enough to review ....

> 2) We don't know if it operates correctly. Sendmail 8.8.5 has around 106
> strcpy's in it and we don't know what the patch's effect will be in a
> production environment.

Mike, do you think that I published these patches without properly checking
that they work? These patches have been applied on my main computers for about
a week or so, and I have no problems with them... ( Well, sendmail 8.8.5 - no
problems, too... )

> The author should probably instead try to get people to apply it in their
> own environments and test it for him. If there is enough popular demand
> then people might make more effort to commit it.
>
> Just out of curiosity has this patch been submitted to OpenBSD?

No. Right now I have no time, but next week I'll port it to OpenBSD/i386.

--
Alexander Snarskii
the source code is included.
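The idea debated in this thread, a string function that verifies stack integrity before it returns, illustrated as an added example that is not Snarskii's patch or any FreeBSD code: a guard word is laid out after a fixed-size buffer, the copy is clamped to the owned region so the demo itself stays well-defined C, and the guard is checked after the copy. The buffer size, the guard constant and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16                           /* constructed: size of the guarded buffer */
#define FRAME_SIZE (BUF_SIZE + sizeof(uint32_t))
#define GUARD 0xDEADC0DEu                     /* constructed constant; a real guard is random per process */

/* Result of a guarded copy: the guard word survived, or it was clobbered. */
enum copy_result { COPY_OK = 0, COPY_CORRUPTED = -1 };

/* Lay out a buffer followed by a guard word, the way a stack protector places
   a canary between the locals and the saved return address. */
static void frame_init(unsigned char *frame) {
    uint32_t guard = GUARD;
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + BUF_SIZE, &guard, sizeof guard);
}

/* Emulates an unbounded strcpy into the frame's buffer, clamped at the frame
   end so the demonstration never writes memory it does not own, then checks
   the guard word "before return" as the thread proposes. */
static enum copy_result guarded_strcpy(unsigned char *frame, const char *src) {
    size_t n = strlen(src) + 1;               /* include the NUL terminator */
    if (n > FRAME_SIZE) n = FRAME_SIZE;       /* clamp: keeps the demo well-defined */
    memcpy(frame, src, n);                    /* a source longer than BUF_SIZE - 1 reaches the guard */
    uint32_t guard;
    memcpy(&guard, frame + BUF_SIZE, sizeof guard);
    return guard == GUARD ? COPY_OK : COPY_CORRUPTED;
}

/* Fresh frame per copy, so each result reflects only its own input. */
static enum copy_result check_copy(const char *src) {
    unsigned char frame[FRAME_SIZE];
    frame_init(frame);
    return guarded_strcpy(frame, src);
}

int main(void) {
    printf("5 chars  -> %d\n", check_copy("hello"));             /* fits, guard intact */
    printf("15 chars -> %d\n", check_copy("0123456789abcde"));   /* exactly fills buffer with NUL */
    printf("16 chars -> %d\n", check_copy("0123456789abcdef"));  /* NUL lands on the guard */
    printf("34 chars -> %d\n", check_copy("this string is far too long to fit"));
    return 0;
}
```

The 16-character case is the edge a length-based check would miss: the bytes fit, but the terminator overwrites the first guard byte, and the guard comparison catches it.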