Date:      Mon, 26 Aug 1996 16:14:07 +0930 (CST)
From:      newton@communica.com.au (Mark Newton)
To:        imp@village.org (Warner Losh)
Cc:        gene@starkhome.cs.sunysb.edu, security@FreeBSD.org
Subject:   Re: Vulnerability in the Xt library (fwd)
Message-ID:  <9608260644.AA23586@communica.com.au>
In-Reply-To: <199608260605.AAA07212@rover.village.org> from "Warner Losh" at Aug 26, 96 00:05:52 am

Warner Losh wrote:

 > : However, this new system call could test to make sure that it is
 > : being executed from the text segment, which is read-only, and refuse
 > : to perform if not.
 > 
 > Well, couldn't the code that was inserted onto the stack copy itself
 > somewhere handy, make that a read only text segment, and make these
 > calls?
 > Why is the stack segment executable in the first place?  Or does Intel
 > require this?

Because this would fall over if it wasn't:

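  #include <stdio.h>
  #include <time.h>

  int main(int ac, char **av)
  {
     time_t localtime, (*yukky)(time_t *) = time;

     /* call time() through a function pointer held in a local variable */
     yukky(&localtime);
     printf("%s", ctime(&localtime));
     return 0;
  }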

    - mark

---
Mark Newton                               Email: newton@communica.com.au
Systems Engineer                          Phone: +61-8-373-2523
Communica Systems                         WWW:   http://www.communica.com.au
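
The question in this exchange, whether a call through a function pointer held in a stack variable depends on an executable stack, can be checked directly. The following is an added example, not part of the original message; it assumes Linux's /proc/self/maps, and `mapping_for` and `inspect_pointer_call` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Find the /proc/self/maps entry (Linux-specific, an assumption of this example)
 * containing addr; copy out its permissions (e.g. "r-xp") and name. 1 if found. */
int mapping_for(const void *addr, char perms[5], char *name, size_t namelen)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char p[5] = "", path[256] = "";
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]", &lo, &hi, p, path) < 3)
            continue;
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            memcpy(perms, p, 5);
            snprintf(name, namelen, "%s", path);
            found = 1;
        }
    }
    fclose(f);
    return found;
}

/* Repeat the message's indirect call, then report the permissions of the
 * mapping holding the pointer variable and of the mapping holding its target. */
int inspect_pointer_call(char var_perms[5], char code_perms[5])
{
    time_t now, (*yukky)(time_t *) = time;
    char name[256];
    yukky(&now);                      /* the call from the message */
    if (!mapping_for((const void *)&yukky, var_perms, name, sizeof name))
        return 0;
    printf("pointer variable %p: %s %s\n", (void *)&yukky, var_perms, name);
    if (!mapping_for((const void *)(uintptr_t)yukky, code_perms, name, sizeof name))
        return 0;
    printf("call target      %p: %s %s\n", (void *)(uintptr_t)yukky, code_perms, name);
    return 1;
}

int main(void)
{
    char v[5], c[5];
    return inspect_pointer_call(v, c) ? 0 : 1;
}
```

The permission column of each printed line shows whether that mapping is writable (`w`) and whether it is executable (`x`).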


