From owner-freebsd-security  Tue Aug 29 17:55:00 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.FreeBSD.org (8.6.11/8.6.6) id RAA01206
          for security-outgoing; Tue, 29 Aug 1995 17:55:00 -0700
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34])
          by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id RAA01192
          for <security@freebsd.org>; Tue, 29 Aug 1995 17:54:31 -0700
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id KAA09866; Wed, 30 Aug 1995 10:47:12 +1000
Date: Wed, 30 Aug 1995 10:47:12 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199508300047.KAA09866@godzilla.zeta.org.au>
To: bde@zeta.org.au, jmb@kryten.Atinc.COM
Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd)
Cc: security@freebsd.org
Sender: security-owner@freebsd.org
Precedence: bulk

>> Anyone for execute-protected data by default if the machine can support
>> it?  Programs that want to execute data should have to request it and
>> everything else would be more secure.

>	the segment descriptors support the text (code) vs data 
>identification.  this would be a big win regarding security (and writing 
>to wild pointers that hit your own code segment ;)

Segment descriptors don't help for the second point because the code and
data segments have the same base (virtual address 0).  However, text pages
should be write protected at the page level.

The code segment doesn't need to overlap the data segment but it's more
convenient when it does and I don't think gnu ld supports separate I&D.

Bruce