From owner-freebsd-security  Sun Jul 19 18:18:22 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA22527
          for freebsd-security-outgoing; Sun, 19 Jul 1998 18:18:22 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA22522
          for <security@FreeBSD.ORG>; Sun, 19 Jul 1998 18:18:20 -0700 (PDT)
          (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1])
	by time.cdrom.com (8.8.8/8.8.8) with ESMTP id SAA07761;
	Sun, 19 Jul 1998 18:17:03 -0700 (PDT)
	(envelope-from jkh@time.cdrom.com)
To: Brett Glass <brett@lariat.org>
cc: dg@root.com, security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack? 
In-reply-to: Your message of "Sun, 19 Jul 1998 16:28:00 MDT."
             <199807192228.QAA03712@lariat.lariat.org> 
Date: Sun, 19 Jul 1998 18:17:02 -0700
Message-ID: <7757.900897422@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'd much rather see this technique revised than leave a hole open for 
> buffer overflow attacks. We don't want to get a reputation for lax
> security.

If you can make it all work and want to hack up a proof of concept, go
for it.  Right now, however, I think you're letting annoyance get the
better part of intelligence.

More importantly, making suggestions which are almost worded like
demands when it is very clear that you do _not_ understand the subject
in question is only a good way of antagonizing people.  You, of all
people, should know that.

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message