From owner-freebsd-security Sun Jul 19 18:41:03 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA24811 for freebsd-security-outgoing; Sun, 19 Jul 1998 18:41:03 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA24806 for ; Sun, 19 Jul 1998 18:41:01 -0700 (PDT) (envelope-from brett@lariat.org)
Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.8) id TAA06705; Sun, 19 Jul 1998 19:40:39 -0600 (MDT)
Message-Id: <199807200140.TAA06705@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Sun, 19 Jul 1998 19:40:38 -0600
To: "Jordan K. Hubbard"
From: Brett Glass
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Cc: dg@root.com, security@FreeBSD.ORG
In-Reply-To: <7757.900897422@time.cdrom.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 06:17 PM 7/19/98 -0700, Jordan K. Hubbard wrote:

>If you can make it all work and want to hack up a proof of concept, go
>for it. Right now, however, I think you're letting annoyance get the
>better part of intelligence.

I make no bones about the fact that I'm annoyed; that buffer overflow exploit will cost me between a week and a month of tedious work. The fact that the problem has been fixed in Linux and Solaris is a good proof of concept.

Again, the problem is simply one of where to put a "thunk." In general, putting it on the CPU stack is a bad idea, and the problem is starting to bite all of us. It'll only get worse, especially so long as we use C; the language is so prone to array overruns and buffer overflow exploits.
>More importantly, making suggestions which are almost worded like
>demands when it is very clear that you do _not_ understand the subject
>in question is only a good way of antagonizing people.

As a seasoned assembly language programmer, I understand the subjects of memory allocation and "thunking" quite well. I don't think anyone should feel antagonized when I emphasize the importance of fixing this problem -- especially after the extensive personal cost it has had, and will have, for me.

--Brett Glass

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
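Added example, not part of the message above and not FreeBSD's own code. The thread asks why the stack is executable at all; on today's ELF systems that decision is recorded per binary in the PT_GNU_STACK program header (a mechanism that postdates this 1998 discussion), so the check a practitioner wants before blaming the stack is whether a given binary actually asks the loader for PF_X there. The C below parses that header from a little-endian ELF64 image, the same thing `readelf -lW a.out | grep GNU_STACK` shows, and classifies the result. The sample image is constructed inside the block and is not a loadable program; `elf64_stack_policy`, `sample_policy` and the enum names are this example's own, while the PT_GNU_STACK and PF_* values are the standard ELF constants.

```c
/* Added example: classify an ELF64 image's stack request from PT_GNU_STACK.
 * Helper and enum names are this example's own; constants are standard ELF. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PT_GNU_STACK 0x6474e551u   /* PT_LOOS + 0x474e551 */
#define PF_X 0x1u
#define PF_W 0x2u
#define PF_R 0x4u

enum stack_policy {
    STACK_MALFORMED = -1,  /* not a little-endian ELF64 image, or headers out of range */
    STACK_NONEXEC   = 0,   /* PT_GNU_STACK present, PF_X clear */
    STACK_EXEC      = 1,   /* PT_GNU_STACK present, PF_X set */
    STACK_NO_HEADER = 2    /* no PT_GNU_STACK: loader default applies (historically executable) */
};

/* Little-endian field readers/writer, so no struct layout or <elf.h> is assumed. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk the program headers of an ELF64 LSB image held in memory. */
int elf64_stack_policy(const uint8_t *img, size_t len)
{
    /* e_ident: "\x7fELF", ELFCLASS64 (2), ELFDATA2LSB (1) */
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return STACK_MALFORMED;
    uint64_t phoff     = rd64(img + 32);   /* e_phoff */
    uint16_t phentsize = rd16(img + 54);   /* e_phentsize */
    uint16_t phnum     = rd16(img + 56);   /* e_phnum */
    if (phentsize < 56 || phoff > len || (uint64_t)phnum * phentsize > len - phoff)
        return STACK_MALFORMED;            /* table would run past the buffer */
    for (uint16_t i = 0; i < phnum; i++) {
        const uint8_t *ph = img + phoff + (size_t)i * phentsize;
        if (rd32(ph) == PT_GNU_STACK)      /* p_type at +0, p_flags at +4 */
            return (rd32(ph + 4) & PF_X) ? STACK_EXEC : STACK_NONEXEC;
    }
    return STACK_NO_HEADER;
}

/* Constructed sample: a 64-byte ELF header followed by one PT_LOAD phdr and,
 * optionally, one PT_GNU_STACK phdr carrying stack_flags. Not a runnable binary. */
size_t build_sample_elf(uint8_t *out, size_t cap, int with_stack_hdr, uint32_t stack_flags)
{
    const size_t phoff = 64, phentsize = 56, phnum = with_stack_hdr ? 2 : 1;
    const size_t total = phoff + phnum * phentsize;
    if (cap < total) return 0;
    memset(out, 0, total);
    memcpy(out, "\x7f" "ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;     /* ELFCLASS64, ELFDATA2LSB, EV_CURRENT */
    out[16] = 2;                            /* e_type = ET_EXEC */
    out[18] = 62;                           /* e_machine = EM_X86_64 */
    out[32] = (uint8_t)phoff;               /* e_phoff */
    out[52] = 64;                           /* e_ehsize */
    out[54] = (uint8_t)phentsize;           /* e_phentsize */
    out[56] = (uint8_t)phnum;               /* e_phnum */
    uint8_t *ph = out + phoff;
    wr32(ph, 1); wr32(ph + 4, PF_R | PF_X); /* PT_LOAD, r-x text segment */
    if (with_stack_hdr) {
        ph += phentsize;
        wr32(ph, PT_GNU_STACK); wr32(ph + 4, stack_flags);
    }
    return total;
}

/* Build a sample image and classify it in one call. */
int sample_policy(int with_stack_hdr, uint32_t stack_flags)
{
    uint8_t img[256];
    size_t n = build_sample_elf(img, sizeof img, with_stack_hdr, stack_flags);
    return elf64_stack_policy(img, n);
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <elf64-binary>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 2; }
    static uint8_t img[1 << 20];            /* program headers sit near the file start */
    size_t n = fread(img, 1, sizeof img, f);
    fclose(f);
    static const char *names[] = { "non-executable stack", "executable stack",
                                   "no PT_GNU_STACK (loader default)" };
    int r = elf64_stack_policy(img, n);
    if (r < 0) { fprintf(stderr, "%s: not a little-endian ELF64 image\n", argv[1]); return 1; }
    printf("%s: %s\n", argv[1], names[r]);
    return r == STACK_NONEXEC ? 0 : 1;
}
```

Two caveats worth keeping in mind when reading the result. A missing header is not a clean bill of health: GNU ld marks the output with an executable stack whenever any input object lacks a `.note.GNU-stack` section (hand-written assembly is the usual culprit), unless linked with `-z noexecstack`, and the Linux loader has historically treated an absent PT_GNU_STACK as a request for an executable stack on x86. And the header only states what the binary asks for; the kernel's own policy (hardware NX support, sysctls such as FreeBSD's per-ABI nxstack knobs) decides what it actually gets.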