From owner-freebsd-security Wed Aug 30 03:10:32 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id DAA23993 for security-outgoing; Wed, 30 Aug 1995 03:10:32 -0700 Received: from critter.tfs.com ([140.145.230.252]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id DAA23986 for ; Wed, 30 Aug 1995 03:10:27 -0700 Received: from localhost (localhost [127.0.0.1]) by critter.tfs.com (8.6.11/8.6.9) with SMTP id DAA01250; Wed, 30 Aug 1995 03:08:08 -0700 X-Authentication-Warning: critter.tfs.com: Host localhost didn't use HELO protocol To: davidg@Root.COM cc: "Jonathan M. Bresler" , Bruce Evans , security@freebsd.org Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd) In-reply-to: Your message of "Wed, 30 Aug 1995 01:59:25 PDT." <199508300859.BAA04030@corbin.Root.COM> Date: Wed, 30 Aug 1995 03:08:07 -0700 Message-ID: <1248.809777287@critter.tfs.com> From: Poul-Henning Kamp Sender: security-owner@freebsd.org Precedence: bulk > >> the segment descriptors support the text (code) vs data > >> identification. this would be a big win regarding security (and writing > >> to wild pointers that hit your own code segment ;) > > > >Why didn't we think of that before ? > > > >I don't think I have ever seen a program execute anything in the datasegment , > >so we should have little trouble with this... > > Umm, and how are you going to deal with shared libraries or other mapped > files that you wish to execute? The best you could hope for would be to limit > the code segment to below the stack (to prevent execution of stuff on the > stack), but I don't think this would affect the recent syslog problem - wasn' t > the stack buffer allocated from the data segment? Most of the trouble is in the code of the programs. Most of the trouble happens with the stack. The shlib loader could be modified to classify the pages as RO, RW, RX. That would indeed cut out most of the trouble. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc. Just that: dried leaves in boiling water ?