Date: Sun, 19 Jul 1998 22:43:58 +0000 From: Niall Smart <rotel@indigo.ie> To: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: The 99,999-bug question: Why can you execute from the stack? Message-ID: <199807192143.WAA00967@indigo.ie> In-Reply-To: <199807192047.OAA02264@lariat.lariat.org>; Brett Glass <brett@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 19, 2:47pm, Brett Glass wrote: } Subject: The 99,999-bug question: Why can you execute from the stack? > We're going to be spending about a man-month rebuilding a complex system > that was hacked due to a buffer overflow exploit. Looking back at our > system log files, I can see exactly how the hack was done and how the > perpetrator was able to get root. > > What I CAN'T understand is why FreeBSD allows the hack to occur. Why on > Earth would one want to allow code to be executed from the stack? The Intel > segmentation model normally prevents this, and there's additional hardware > in the MMU that's supposed to be able to preclude it. Why does the OS leave > this gigantic hole open? Why not just close it? Making the stack non executable doesn't stop buffer overflow attacks; see www.geek-girl.com/bugtraq/ for more information. Its still useful for stopping script monkeys though so I ordered a set of intel manuals with the idea of doing this but I haven't got around to it yet, maybe soon. Niall -- Niall Smart. PGP: finger njs3@motmot.doc.ic.ac.uk FreeBSD: Turning PC's into Workstations: www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807192143.WAA00967>