Date: Mon, 20 Jul 1998 15:29:32 +0400 From: Alexandre Snarskii <snar@paranoia.ru> To: Warner Losh <imp@village.org>, Archie Cobbs <archie@whistle.com> Cc: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: The 99,999-bug question: Why can you execute from the stack? Message-ID: <19980720152932.42290@nevalink.ru> In-Reply-To: <199807200148.TAA07794@harmony.village.org>; from Warner Losh on Sun, Jul 19, 1998 at 07:48:30PM -0600 References: <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 19, 1998 at 07:48:30PM -0600, Warner Losh wrote: > > One way to "solve" this problem would be to have all calls push a > "guard" page that could be unmapped. This would solve the stack > overflow problems, but not all overflows. Again, this is at a huge > price which I don't think I'd want to pay. > > Another high cost option would be to have a purify/checker-like > functionality compiled into everything and cause a segv or some other > generally fatal signal. This would solve all the overflows, but again > at a huge price. At huge computing price. Measured in seconds, spent by processor to perform needed computing. As for me, the cost of upgrade to computers, which will perform these computing is much less than the cost of every outage caused by remote exploit. Just my 2 cents. -- Alexandre Snarskii the source code is included To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980720152932.42290>