Date: Fri, 25 Sep 1998 17:26:32 -0400
From: "Allen Smith" <easmith@beatrice.rutgers.edu>
To: Alexandre Snarskii <snar@paranoia.ru>, Warner Losh <imp@village.org>
Cc: security@FreeBSD.ORG
Subject: Re: The 99,999-bug question: Why can you execute from the stack?
Message-ID: <9809251726.ZM5725@beatrice.rutgers.edu>
In-Reply-To: Alexandre Snarskii <snar@paranoia.ru> "Re: The 99,999-bug question: Why can you execute from the stack?" (Sep 18, 12:25pm)
References: <199807200102.SAA07953@bubba.whistle.com> <199807200148.TAA07794@harmony.village.org> <imp@village.org> <9807192209.ZM23527@beatrice.rutgers.edu> <19980720173800.17978@nevalink.ru> <snar@paranoia.ru> <9809171619.ZM23712@beatrice.rutgers.edu> <19980918202308.39458@nevalink.ru>
On Sep 18, 12:25pm, Alexandre Snarskii (possibly) wrote:
> The library which checks stack integrity only for the
> setugid/root-owned cases is now called libaranoia.N.N-root.tgz,
> where N.N is a version. Note that these checks are
> a little broken by design - there are some daemons
> (tftpd, for example) running non-setuid and with euid!=0,
> so no checks of stack integrity are done.

I've done a bit of a redesign of it, which after testing I'll make
available - it's a very minor change, which basically has the
libparanoia version always doing the checks and the libc version only
doing the checks if the geteuid & issetugid checks turn out possibly
problematic. (An #ifdef LIBPARANOIA is about all this is... I'm not
much of a C programmer.)

> >
> > Sorry about the delay on replying to this; I've been busy. While this
> > is a nicer way to do this in many ways, I am concerned about whether the
> > delay from calling the libparanoia checks is from the function call or
> > from what the function does. If the latter, fine; if the former, the
> > problem I was working on (avoiding the slowdown except when really
> > needed) still exists. Any idea which is the case? (Of course, there's
>                                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
> Second one.

Excellent.

> > also the time taken in doing the issetugid and geteuid checks in
> > either case, whether one has them in the individual functions or in
>
> This check is done only once - at the first call to any 'insecure'
> function. The result is stored in a global static variable and used
> in later calls to avoid switching to kernel mode.

Hmm... right. Good design.

Thanks,
-Allen

--
Allen Smith easmith@beatrice.rutgers.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
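The gating scheme the two messages describe (one privilege probe on the first call, the answer cached in a static, and an #ifdef LIBPARANOIA build that always checks), written out as an added example that is not libparanoia's or FreeBSD libc's own code. The function names are made up for the example, and because issetugid() exists only on FreeBSD/OpenBSD, a uid/gid comparison stands in for it elsewhere, which is an assumption and not equivalent to the kernel's setugid flag.

```c
/* Added example (not libparanoia's or FreeBSD libc's own code): decide once
 * whether the stack-integrity checks should run, cache the answer in a
 * static, and force the checks on when built with -DLIBPARANOIA.
 * issetugid() exists on FreeBSD/OpenBSD only; elsewhere a uid/gid
 * comparison stands in for it (an assumption, not the kernel's flag). */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static int paranoia_state = 0;            /* 0 = unknown, 1 = check, 2 = skip */
static unsigned long paranoia_probes = 0; /* kernel round trips so far */

/* Stand-in for issetugid(): nonzero when the process looks setuid/setgid. */
static int paranoia_setugid(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__)
    return issetugid();
#else
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/* Uncached answer: root or setugid means the checks are worth running. */
int paranoia_probe_privileged(void)
{
    paranoia_probes++;
    return geteuid() == 0 || paranoia_setugid();
}

/* Cached gate that every 'insecure' wrapper (strcpy, sprintf, ...) consults. */
int paranoia_checks_enabled(void)
{
#ifdef LIBPARANOIA
    return 1;                             /* libparanoia build: always check */
#else
    if (paranoia_state == 0)              /* first call only: one probe */
        paranoia_state = paranoia_probe_privileged() ? 1 : 2;
    return paranoia_state == 1;
#endif
}

unsigned long paranoia_probe_count(void) { return paranoia_probes; }
int main(void)
{
    int on = paranoia_checks_enabled();
    (void)paranoia_checks_enabled();      /* second call must not re-probe */
    printf("checks %s, probed %lu time(s)\n", on ? "on" : "off", paranoia_probes);
    return 0;
}
```

The cache reproduces the tftpd gap Snarskii points out (a daemon that is neither setugid nor euid 0 gets no checks) and also goes stale if the process changes its effective uid after the first call, so a libc build that relies on it should probe before any privilege transition.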