From owner-freebsd-security Sun Jul 19 20:25:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA08441 for freebsd-security-outgoing; Sun, 19 Jul 1998 20:25:28 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA08432 for ; Sun, 19 Jul 1998 20:25:23 -0700 (PDT) (envelope-from imp@village.org) Received: from harmony [10.0.0.6] by rover.village.org with esmtp (Exim 1.71 #1) id 0yy6ZX-0003jd-00; Sun, 19 Jul 1998 21:25:07 -0600 Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.8.8/8.8.3) with ESMTP id VAA08432; Sun, 19 Jul 1998 21:27:11 -0600 (MDT) Message-Id: <199807200327.VAA08432@harmony.village.org> To: dg@root.com Subject: Re: The 99,999-bug question: Why can you execute from the stack? Cc: Brett Glass , Archie Cobbs , security@FreeBSD.ORG In-reply-to: Your message of "Sun, 19 Jul 1998 20:20:21 PDT." <199807200320.UAA24309@implode.root.com> References: <199807200320.UAA24309@implode.root.com> Date: Sun, 19 Jul 1998 21:27:11 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199807200320.UAA24309@implode.root.com> David Greenman writes: : shared libc, for example - including, but not limited to, execl()). This : wouldn't require anything to execute from the stack, so making the stack : non-executable wouldn't prevent this from working. Which is one reason why I think that having guard pages between each frame may be the only way to cope with this :-(. Unfortunately, this makes things really expensive and slow and won't prevent all attacks. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message