Date: Sun, 25 Aug 1996 23:33:45 -0700
From: David Greenman <dg@root.com>
To: Warner Losh <imp@village.org>
Cc: Gene Stark <gene@starkhome.cs.sunysb.edu>, security@FreeBSD.org
Subject: Re: Vulnerability in the Xt library (fwd)
Message-ID: <199608260633.XAA00528@root.com>
In-Reply-To: Your message of "Mon, 26 Aug 1996 00:05:52 MDT." <199608260605.AAA07212@rover.village.org>

>: However, this new system call could test to make sure that it is
>: being executed from the text segment, which is read-only, and refuse
>: to perform if not.
>
>Well, couldn't the code that was inserted onto the stack copy itself
>somewhere handy, make that a read only text segment, and make these
>calls?
>
>Why is the stack segment executable in the first place? Or does Intel
>require this?

There isn't any notion of "executable" in the x86 page table mechanism. You
could probably use the user code selector to limit execution to low (lower
than the stack) addresses, but you'd have to deal with the signal trampoline.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
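
The following is an added example, not part of the original message or of FreeBSD's code: a small C model of the two checks discussed in the reply, the legacy x86 page-table entry (which has no execute bit) and the code-segment limit. The addresses, the limit value and the placement of the signal trampoline next to the stack are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Legacy 32-bit x86 PTE permission bits. There is no execute bit:
 * any present, user-accessible page can be fetched from. */
#define PTE_P  0x1u  /* present */
#define PTE_RW 0x2u  /* writable */
#define PTE_US 0x4u  /* user-accessible */
#define PAGE_SIZE 0x1000u

/* Constructed addresses (not FreeBSD's real layout). Assumption: the
 * signal trampoline lives in a page next to the top of the stack. */
#define TEXT_ADDR       0x00001000u
#define STACK_ADDR      0xBFFFE000u
#define TRAMPOLINE_ADDR 0xBFFFF000u
#define FLAT_LIMIT      0xFFFFFFFFu  /* ordinary flat code segment */
#define LOW_LIMIT       0x7FFFFFFFu  /* hypothetical limit below the stack */

enum fetch_result { FETCH_OK, FETCH_GP_FAULT, FETCH_PAGE_FAULT };
struct mapping { uint32_t base; uint32_t pte; };

static const struct mapping layout[] = {
    { TEXT_ADDR,       PTE_P | PTE_US },           /* read-only text */
    { STACK_ADDR,      PTE_P | PTE_US | PTE_RW },  /* writable stack */
    { TRAMPOLINE_ADDR, PTE_P | PTE_US | PTE_RW },  /* signal trampoline */
};

/* Model a user-mode instruction fetch through a base-0 code segment:
 * the segment limit is checked first, then the page-table entry. */
enum fetch_result user_fetch(uint32_t addr, uint32_t cs_limit)
{
    const uint32_t need = PTE_P | PTE_US;  /* PTE_RW does not matter here */
    if (addr > cs_limit)
        return FETCH_GP_FAULT;             /* beyond the CS limit: #GP */
    for (size_t i = 0; i < sizeof layout / sizeof layout[0]; i++)
        if (addr - layout[i].base < PAGE_SIZE)
            return (layout[i].pte & need) == need ? FETCH_OK
                                                  : FETCH_PAGE_FAULT;
    return FETCH_PAGE_FAULT;               /* not mapped */
}

int main(void)
{
    printf("stack/flat=%d stack/low=%d trampoline/low=%d\n",
           user_fetch(STACK_ADDR, FLAT_LIMIT),
           user_fetch(STACK_ADDR, LOW_LIMIT),
           user_fetch(TRAMPOLINE_ADDR, LOW_LIMIT));
    return 0;
}
```

With the flat limit the stack page is fetchable like any other user page; with the lowered limit the stack fetch faults, and so does the trampoline fetch, which is the case the reply says would have to be dealt with.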