Date:      Sun, 19 Jul 1998 16:17:45 -0600
From:      Brett Glass <brett@lariat.org>
To:        Alfred <perlsta@fs3.ny.genx.net>
Cc:        security@FreeBSD.ORG
Subject:   Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID:  <199807192217.QAA03542@lariat.lariat.org>
In-Reply-To: <Pine.SOL.4.00.9807191735350.28070-100000@fs3.ny.genx.net>
References:  <199807192047.OAA02264@lariat.lariat.org>

It could be a kernel option: "Turn off at your own risk."

--Brett

At 05:37 PM 7/19/98 -0400, Alfred wrote:
 
>there was a thread about this just a week ago, it was something to do with
>signals and threads.  and breakage of some ancient programs.
>
>-Alfred
>
>also there was just an announcement about some package to "self-check"
>executables for stack corruption.
>
>On Sun, 19 Jul 1998, Brett Glass wrote:
>
>> We're going to be spending about a man-month rebuilding a complex system
>> that was hacked due to a buffer overflow exploit. Looking back at our
>> system log files, I can see exactly how the hack was done and how the
>> perpetrator was able to get root.
>> 
>> What I CAN'T understand is why FreeBSD allows the hack to occur. Why on
>> Earth would one want to allow code to be executed from the stack? The Intel
>> segmentation model normally prevents this, and there's additional hardware
>> in the MMU that's supposed to be able to preclude it. Why does the OS leave
>> this gigantic hole open? Why not just close it?
>> 
>> --Brett Glass
>> 
>> 
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe security" in the body of the message
>> 
> 
