From owner-freebsd-security Mon Feb 10 13:22:59 1997
To: Peter Dufault
Subject: Re: buffer overruns
Cc: tqbf@enteract.com, freebsd-security@freebsd.org
In-reply-to: Your message of "Mon, 10 Feb 1997 07:44:31 EST." <199702101244.HAA08991@hda.hda.com>
References: <199702101244.HAA08991@hda.hda.com>
Date: Mon, 10 Feb 1997 14:21:36 -0700
From: Warner Losh
Sender: owner-security@freebsd.org

In message <199702101244.HAA08991@hda.hda.com> Peter Dufault writes:
: is it realistic and doable to require suid programs to be text-execute only?

I'm not sure you can do this. You'll need to have the shared libraries mapped executable, as well as the .text section of the program. If you then disallow execution of the stack area and the data area, you might be able to do it. Modulo all those cool tricks that I talked about before.

But you still aren't 100% safe. Since pointers to functions can be stored in memory, you are still at risk of a buffer overflow that overwrites one of them that is later jumped to. Just to think of one example.

Warner
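The function-pointer risk described in the message above, as an added example that is not part of the original message: an oversized copy changes a function pointer stored next to a buffer without any byte of the input being executed, and a bounded copy leaves it alone. The `session` struct, its field names and the helper functions are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(void);
static int real_handler(void) { return 42; }

/* Hypothetical record: a fixed buffer with a function pointer after it,
 * both living in writable (non-executable) data. */
struct session {
    char name[16];
    handler_fn on_done;
};

/* Unchecked copy, modelled as a memcpy over the struct's own bytes so the
 * spill past name[] stays inside one object and is well-defined C. */
static void copy_unchecked(struct session *s, const char *src, size_t n) {
    if (n > sizeof *s) n = sizeof *s;
    memcpy(s, src, n);
}

/* Bounded copy: rejects input that does not fit in name[] with its NUL. */
static int copy_bounded(struct session *s, const char *src, size_t n) {
    if (n >= sizeof s->name) return -1;
    memcpy(s->name, src, n);
    s->name[n] = '\0';
    return 0;
}

/* Byte-wise check that on_done still holds real_handler's address. */
static int pointer_intact(const struct session *s) {
    handler_fn expect = real_handler;
    return memcmp(&s->on_done, &expect, sizeof expect) == 0;
}

/* Feeds constructed oversized input through one of the two copies and
 * returns 1 if the function pointer survived, 0 if it was overwritten. */
int survives(int bounded) {
    struct session s = { "", real_handler };
    char input[sizeof s];
    memset(input, 'A', sizeof input);   /* constructed sample input */
    if (bounded) (void)copy_bounded(&s, input, sizeof input);
    else copy_unchecked(&s, input, sizeof input);
    return pointer_intact(&s);
}

int main(void) {
    printf("unchecked: intact=%d\n", survives(0));
    printf("bounded:   intact=%d\n", survives(1));
    return 0;
}
```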