From owner-freebsd-security  Sun Aug 25 23:06:03 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA19885
          for security-outgoing; Sun, 25 Aug 1996 23:06:03 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA19879
          for <security@freebsd.org>; Sun, 25 Aug 1996 23:06:00 -0700 (PDT)
Received: from rover.village.org (localhost [127.0.0.1]) by rover.village.org (8.7.5/8.6.6) with ESMTP id AAA07212; Mon, 26 Aug 1996 00:05:53 -0600 (MDT)
Message-Id: <199608260605.AAA07212@rover.village.org>
To: Gene Stark <gene@starkhome.cs.sunysb.edu>
Subject: Re: Vulnerability in the Xt library (fwd) 
Cc: security@freebsd.org
In-reply-to: Your message of Mon, 26 Aug 1996 01:59:31 EDT
Date: Mon, 26 Aug 1996 00:05:52 -0600
From: Warner Losh <imp@village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

: However, this new system call could test to make sure that it is
: being executed from the text segment, which is read-only, and refuse
: to perform if not.

Well, couldn't the code that was inserted onto the stack copy itself
somewhere handy, make that a read only text segment, and make these
calls?

Why is the stack segment executable in the first place?  Or does Intel
require this?

Warner