Message-ID: <19980720152932.42290@nevalink.ru>
Date: Mon, 20 Jul 1998 15:29:32 +0400
From: Alexandre Snarskii
To: Warner Losh, Archie Cobbs
Cc: Brett Glass, security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
References: <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org>
In-Reply-To: <199807200148.TAA07794@harmony.village.org>; from Warner Losh on Sun, Jul 19, 1998 at 07:48:30PM -0600

On Sun, Jul 19, 1998 at 07:48:30PM -0600, Warner Losh wrote:
>
> One way to "solve" this problem would be to have all calls push a
> "guard" page that could be unmapped. This would solve the stack
> overflow problems, but not all overflows. Again, this is at a huge
> price which I don't think I'd want to pay.
>
> Another high cost option would be to have a purify/checker-like
> functionality compiled into everything and cause a segv or some other
> generally fatal signal. This would solve all the overflows, but again
> at a huge price.

At a huge computing price. Measured in seconds spent by the processor
to perform the needed computing.
As for me, the cost of an upgrade to computers which will perform this
computing is much less than the cost of every outage caused by a remote
exploit.

Just my 2 cents.

--
Alexandre Snarskii
the source code is included