Date: Mon, 20 Jul 1998 10:13:11 -0600
From: Nate Williams <nate@mt.sri.com>
To: Warner Losh <imp@village.org>
Cc: Archie Cobbs <archie@whistle.com>, brett@lariat.org (Brett Glass), security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <199807201613.KAA07117@mt.sri.com>
In-Reply-To: <199807200148.TAA07794@harmony.village.org>
References: <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org>
[ Making the stack non-executable ]

> : As an almost-example of why executing on the stack is not completely
> : crazy, consider JIT-compiling Java runtimes like kaffe. These dynamically
> : compile Java methods into i386 executable instructions, then execute
> : those methods. Kaffe actually does this on the heap I think, but it's just
> : as reasonable if it wanted to do it on the stack (eg, perhaps some kind
> : of temporary method, trampoline code to get things going, etc).
>
> I think that most, but not all, of the problems can be fixed by making
> the stack non-executable for set[gu]id binaries.

This wouldn't have done a thing for Brett, since it appears he was attacked
via the bug in popper, which is not setuid but runs out of inetd. Programs
that run out of inetd have been the majority of the 'external' break-in
programs used if you throw out sendmail. :)

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message