Date: Mon, 10 Feb 1997 07:44:31 -0500 (EST)
From: Peter Dufault <dufault@hda.com>
To: tqbf@enteract.com
Cc: dufault@hda.com, freebsd-security@freebsd.org
Subject: Re: buffer overruns
Message-ID: <199702101244.HAA08991@hda.hda.com>
In-Reply-To: <19970210115941.27807.qmail@char-star.rdist.org> from "tqbf@enteract.com" at "Feb 10, 97 11:59:41 am"

> >Is the stack executable? I've been assuming the exploits modify
>
> Yes.
>
> >the stack to return to a built up call to "system" or something
>
> system() is a library routine that decays to an execve() (which is a
> system call) of /bin/sh...

(Yes - that's why I said "or something")

(...)

> >Has anyone seen modifications to gcc to generate guard bands around
> >automatics and stack check sequences? The automatics can be checked
>
> On SunOS, yep. It broke a lot of things we tried compiling.

If you went that far you know the answer to my next two part
question: is it realistic and doable to require suid programs to
be text-execute only?

Peter

--
Peter Dufault (dufault@hda.com)
Realtime Machine Control and Simulation
HD Associates, Inc.
Voice: 508 433 6936