From owner-freebsd-security  Sun Jul 19 21:48:17 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA21515
          for freebsd-security-outgoing; Sun, 19 Jul 1998 21:48:17 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA21509
          for <security@freebsd.org>; Sun, 19 Jul 1998 21:48:15 -0700 (PDT)
          (envelope-from brett@lariat.org)
Received: (from brett@localhost)
	by lariat.lariat.org (8.8.8/8.8.8) id WAA09638;
	Sun, 19 Jul 1998 22:47:46 -0600 (MDT)
Message-Id: <199807200447.WAA09638@lariat.lariat.org>
X-Sender: brett@mail.lariat.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 
Date: Sun, 19 Jul 1998 22:47:38 -0600
To: John Dowdal <jdowdal@destiny.erols.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: The 99,999-bug question: Why can you execute from the 
  stack? 
Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, dg@root.com,
        security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.96.980720002955.27306A-100000@destiny.erols.com
 >
References: <199807200140.TAA06705@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:30 AM 7/20/98 -0400, John Dowdal wrote:
 
>As a seasoned assembly language programmer, you should understand the
>subject of "backup" quite well.  

And so I do. But when you're caught between backups, and don't discover
the break-in right away, it's not that straightforward to restore the
system. And restoring it also re-opens security holes.

--Brett 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message