Date: Wed, 1 Dec 1999 13:59:13 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: naiden.markacehv@usask.ca Cc: Matt <matthew@netsol.net>, freebsd-security@FreeBSD.ORG Subject: Re: stack overflow and security Message-ID: <Pine.BSF.3.96.991201135544.4689B-100000@fledge.watson.org> In-Reply-To: <3844628D.E6490B17@mail.usask.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't know if the original message author meant it or not, but the author used the words "stack overflow" and not "buffer overflow". In my mind, "stack overflow" implies walking off the bottom of the available stack space, and is usually the result of excessive recursion or implicit allocation of something inappropriate in the function call stack. As far as I know, there have only been denial of service possibilities with this (i.e., process dies with SIGSEGV), and I have never heard of a stack overflow resulting in elevated privileges for the attacker. There are a few potential ways you might do this, but all are pretty far-fetched -- most involve the "rediculous thing in the stack" allocation issue. I'm not sure how we're handling the bottoms of thread stacks, but with the Coda LWP package, it was possible to walk off the bottom of one stack onto the top of another (or something else) resulting in poor behavior, which might be exploitable. On Tue, 30 Nov 1999, Naiden wrote: > Matt wrote: > > > > can any one help to explain how stack over security exploit. does anyone > > know how to fix it? How it happens? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > Here is a site that answers your question..... at least the "how it > happens" part. > http://www.helloworld.ca/1999/04-apr/attack_class.html > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.991201135544.4689B-100000>