From owner-freebsd-security Tue Jul 21 11:48:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA14134 for freebsd-security-outgoing; Tue, 21 Jul 1998 11:48:54 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (ppp1000.lariat.org@[206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA14103 for ; Tue, 21 Jul 1998 11:48:39 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.8) id MAA14756; Tue, 21 Jul 1998 12:48:07 -0600 (MDT) Message-Id: <199807211848.MAA14756@lariat.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Tue, 21 Jul 1998 12:48:03 -0600 To: Niall Smart From: Brett Glass Subject: Re: The 99,999-bug question: Why can you execute from the stack? Cc: security@FreeBSD.ORG In-Reply-To: <98Jul21.093736bst.19713@gateway.euristix.ie> References: <199807200148.TAA07794@harmony.village.org> <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org> <199807201714.LAA19993@lariat.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:39 AM 7/21/98 +0100, Niall Smart wrote: >Eh? Call gates are entry points to different priviledge levels. I >don't >see how you intend to use them to stop the problem of the buffer >overflow. Call gates don't necessarily do ring transitions. They DO make sure you can't jump into the middle of a routine. They're not intended to stop buffer overflow, but to prevent an even more subtle hack. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message