From owner-freebsd-security  Wed Aug 30 03:10:32 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id DAA23993
          for security-outgoing; Wed, 30 Aug 1995 03:10:32 -0700
Received: from critter.tfs.com ([140.145.230.252])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id DAA23986
          for <security@freebsd.org>; Wed, 30 Aug 1995 03:10:27 -0700
Received: from localhost (localhost [127.0.0.1]) by critter.tfs.com (8.6.11/8.6.9) with SMTP id DAA01250; Wed, 30 Aug 1995 03:08:08 -0700
X-Authentication-Warning: critter.tfs.com: Host localhost didn't use HELO protocol
To: davidg@Root.COM
cc: "Jonathan M. Bresler" <jmb@kryten.atinc.com>,
        Bruce Evans <bde@zeta.org.au>, security@freebsd.org
Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd) 
In-reply-to: Your message of "Wed, 30 Aug 1995 01:59:25 PDT."
             <199508300859.BAA04030@corbin.Root.COM> 
Date: Wed, 30 Aug 1995 03:08:07 -0700
Message-ID: <1248.809777287@critter.tfs.com>
From: Poul-Henning Kamp <phk@critter.tfs.com>
Sender: security-owner@freebsd.org
Precedence: bulk

> >> 	the segment descriptors support the text (code) vs data 
> >> identification.  this would be a big win regarding security (and writing 
> >> to wild pointers that hit your own code segment ;)
> >
> >Why didn't we think of that before ?
> >
> >I don't think I have ever seen a program execute anything in the datasegment
,
> >so we should have little trouble with this...
> 
>    Umm, and how are you going to deal with shared libraries or other mapped
> files that you wish to execute? The best you could hope for would be to limit
> the code segment to below the stack (to prevent execution of stuff on the
> stack), but I don't think this would affect the recent syslog problem - wasn'
t
> the stack buffer allocated from the data segment?

Most of the trouble is in the code of the programs.
Most of the trouble happens with the stack.
The shlib loader could be modified to classify the pages as RO, RW, RX.

That would indeed cut out most of the trouble.

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Just that: dried leaves in boiling water ?