From owner-freebsd-security  Sun Jul 19 18:03:04 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA20392
          for freebsd-security-outgoing; Sun, 19 Jul 1998 18:03:04 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA20384
          for <security@FreeBSD.ORG>; Sun, 19 Jul 1998 18:02:59 -0700 (PDT)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id SAA27768; Sun, 19 Jul 1998 18:02:05 -0700 (PDT)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma027766; Sun Jul 19 18:02:04 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id SAA07953; Sun, 19 Jul 1998 18:02:04 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199807200102.SAA07953@bubba.whistle.com>
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
In-Reply-To: <199807192047.OAA02264@lariat.lariat.org> from Brett Glass at "Jul 19, 98 02:47:25 pm"
To: brett@lariat.org (Brett Glass)
Date: Sun, 19 Jul 1998 18:02:04 -0700 (PDT)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass writes:
> What I CAN'T understand is why FreeBSD allows the hack to occur. Why on
> Earth would one want to allow code to be executed from the stack? The Intel

As an almost-example of why executing on the stack is not completely
crazy, consider JIT-compiling Java runtimes like kaffe. These dynamically
compile Java methods into i386 executable instructions, then execute
those methods. Kaffe actually does this on the heap I think, but it just
as reasonable if it wanted to do it on the stack (eg, perhaps some kind
of temporary method, trampoline code to get things going, etc).

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message