Date: Wed, 22 Jul 1998 03:26:47 +0400
From: Alexandre Snarskii <snar@paranoia.ru>
To: Peter Jeremy <peter.jeremy@alcatel.com.au>
Cc: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <19980722032647.05314@nevalink.ru>
In-Reply-To: <199807212304.JAA28032@gsms01.alcatel.com.au>; from Peter Jeremy on Wed, Jul 22, 1998 at 09:04:27AM +1000
References: <199807212304.JAA28032@gsms01.alcatel.com.au>

On Wed, Jul 22, 1998 at 09:04:27AM +1000, Peter Jeremy wrote:
> On Wed, 22 Jul 1998 01:31:20 +0400, Alexandre Snarskii <snar@paranoia.ru> wrote:
> >On Mon, Jul 20, 1998 at 02:30:33PM -0700, Don Lewis wrote:
> >> In the situations where I've used code compiled this way, it seems
> >> to average about a factor of 20 more expensive in terms of CPU usage.
> >
> >Strange result. Program, which does nothing but 100.000 strcpy's
> >works _six_ times slower with bounds checking, but not 20...
>
> It's strongly dependent on which strcpy was used:

Sorry, it should be explained that I used the handwritten strcpy from
libparanoia.

> 1) If you use the strcpy in libc, then there's no bounds checking -
>    all you get is that both the source and destination pointers are
>    valid when strcpy is called.
> 2) The bounds checking library includes a strcpy which is bounds
>    checking aware - it explicitly checks the source string and
>    destination buffer for validity and compatibility and then performs
>    the copy without further checks.
> 3) If you wrote your own strcpy, then each time you copy a character,
>    both the source and destination pointers will be checked.

Fourth way :)
The first thing strcpy does is call a function which saves the last 10
BP/IP pairs from the stack to an internal array, then the original strcpy
code is executed ( w/out any checking ), and at exit a function is called
which retrieves the last 10 BP/IP pairs and compares them with the saved
ones. Really the algorithm is a little more complicated, but I hope you
got the main idea.

--
Alexandre Snarskii
the source code is included

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980722032647.05314>
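
The save-and-compare idea described in the message above, as an added sketch that is not libparanoia's code and not part of the original e-mail. It runs over a simulated stack (the layout, offsets and the names `snapshot`, `checked_strcpy` and `build_stack` are assumptions of this sketch), and the message itself notes that the real algorithm is more complicated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEPTH 10           /* "last 10 BP/IP pairs", as in the message */
#define STACK_BYTES 256u
#define BUF_OFF 48u        /* constructed 16-byte local buffer at [48, 64) */

/* Simulated stack (assumption of this sketch): a frame at byte offset bp holds
   [saved BP][return IP] as two uint32_t; a saved BP of 0 ends the chain. */
static unsigned char stack[STACK_BYTES];
struct pair { uint32_t bp, ip; };

static uint32_t rd32(uint32_t off) { uint32_t v; memcpy(&v, stack + off, 4); return v; }
static void wr32(uint32_t off, uint32_t v) { memcpy(stack + off, &v, 4); }

/* Walk the frame chain from bp, recording up to DEPTH BP/IP pairs. */
static int snapshot(uint32_t bp, struct pair out[DEPTH]) {
    int n = 0;
    while (n < DEPTH && bp != 0 && bp <= STACK_BYTES - 8) {
        out[n].bp = rd32(bp);
        out[n].ip = rd32(bp + 4);
        bp = out[n++].bp;
    }
    return n;
}

/* Save the pairs, run the unchecked copy, re-read the pairs and compare.
   Returns 0 if the chain is unchanged, -1 if the copy altered it. */
int checked_strcpy(uint32_t bp, uint32_t dst, const char *src) {
    struct pair before[DEPTH], after[DEPTH];
    int n = snapshot(bp, before);
    size_t len = strlen(src) + 1;
    if (len > STACK_BYTES - dst) len = STACK_BYTES - dst; /* stay inside the model */
    memcpy(stack + dst, src, len);                        /* no bounds check, like strcpy */
    int m = snapshot(bp, after);
    return (m == n && memcmp(before, after, (size_t)n * sizeof before[0]) == 0) ? 0 : -1;
}

/* Constructed layout: three frames at offsets 64, 128 and 192. */
uint32_t build_stack(void) {
    memset(stack, 0, sizeof stack);
    wr32(64, 128);  wr32(68, 0x1000);  wr32(128, 192);
    wr32(132, 0x2000);  wr32(192, 0);  wr32(196, 0x3000);
    return 64;      /* innermost frame's BP */
}

int main(void) {
    printf("fits:    %d\n", checked_strcpy(build_stack(), BUF_OFF, "short"));
    printf("overrun: %d\n", checked_strcpy(build_stack(), BUF_OFF, "AAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

The check fires only after the copy has already happened, so it detects a clobbered frame chain rather than preventing the overwrite.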