From owner-freebsd-hackers Tue Feb 11 18:31:50 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA11574 for hackers-outgoing; Tue, 11 Feb 1997 18:31:50 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA11569 for ; Tue, 11 Feb 1997 18:31:46 -0800 (PST)
Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1]) by who.cdrom.com (8.7.5/8.6.11) with ESMTP id SAA03327 for ; Tue, 11 Feb 1997 18:31:35 -0800 (PST)
Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.5/CET-v2.1) with SMTP id CAA06559; Wed, 12 Feb 1997 02:28:25 GMT
Date: Wed, 12 Feb 1997 11:28:24 +0900 (JST)
From: Michael Hancock
To: dk+@ua.net
cc: Alexander Snarskii, freebsd-hackers@FreeBSD.org
Subject: Re: Increasing overall security....
In-Reply-To: <199702110604.WAA14933@dog.farm.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 10 Feb 1997, Dmitry Kohmanyuk wrote:

> In article <199702091525.RAA05048@burka.carrier.kiev.ua> you wrote:
> > 'Why don't we rewrite those functions to check the stack integrity
> > before return?' said Oleg Panaschenko some time ago, and after
> > some reflection I found that it is not such a bad idea. Yes, we're
> > getting some overhead by using these functions rather than
> > the standard ones, but, as for me, this overhead is not so big,
> > and the fact that I can sleep without nightmares about another
> > stack overflow exploit is much more important to me.
>
> That's a very good idea. I don't understand the reasons from other people
> responding to this negatively.

Speaking for myself.

The author's original argument for this patch seemed to be that there was no "Theo" in the FreeBSD group. He was unaware of the current situation and I informed him.

To play devil's advocate...

1) It requires assembler, which is harder to understand. Fewer people are qualified to review it. Relying on something harder to understand for security is questionable.

2) We don't know if it operates correctly. Sendmail 8.8.5 has around 106 strcpy's in it, and we don't know what the patch's effect will be in a production environment.

The author should probably instead try to get people to apply it in their own environments and test it for him. If there is enough popular demand then people might make more effort to commit it.

Just out of curiosity, has this patch been submitted to OpenBSD?

Maybe future posts should be directed to security.

Regards,

Mike Hancock
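The idea quoted at the top of this message, string functions that "check the stack integrity before return", is easier to weigh against Mike's two objections with a concrete model in hand. The following C program is an added example written for this archive page; it is not Alexander Snarskii's patch, not any BSD libc code, and not written in assembler. It models one stack frame as an explicit struct (the names struct frame, CANARY_VALUE, FAKE_RET, smash_copy and the copy_* functions are all assumptions made for the demonstration) so that the overflow is deterministic and stays inside a single C object. It shows three behaviours side by side: the stock strcpy()-style copy that silently replaces the saved return address, the quoted "check before return" variant that detects the smashed frame and refuses to return through it, and a "check before write" variant that bounds the copy so control data is never reached. The inputs in main() are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of one stack frame (an assumption for this example). A real frame's
 * layout is fixed by the ABI and compiler; this struct only pins the order
 * (locals, then a guard word, then the saved return address) so the overflow
 * below is deterministic and stays inside one C object, which keeps the
 * demonstration portable.
 */
struct frame {
    char      buf[16];     /* the local buffer strcpy() writes into      */
    uint32_t  canary;      /* guard word between locals and control data */
    uintptr_t saved_ret;   /* stand-in for the caller's return address   */
};

#define CANARY_VALUE 0xA5C3F00DU              /* assumed guard value for the demo  */
#define FAKE_RET     ((uintptr_t)0x00401000)  /* assumed legitimate return address */

enum copy_result { COPY_OK = 0, COPY_CORRUPTED = 1, COPY_REFUSED = 2 };

/* Copy src into the frame with no regard for the size of buf[]: the behaviour
 * of the stock strcpy() the thread is worried about. The clamp to sizeof *f
 * only keeps the model inside its own object; a real strcpy keeps writing
 * past the frame. */
static void smash_copy(struct frame *f, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* Stock behaviour: returns whatever now sits in the saved return slot, i.e.
 * the address the function would jump to on return. */
static uintptr_t copy_unchecked(const char *src)
{
    struct frame f = { {0}, CANARY_VALUE, FAKE_RET };
    smash_copy(&f, src);
    return f.saved_ret;
}

/* Variant 1, the idea quoted in the thread: copy as before, but verify the
 * frame before returning through it. The write still happens, so the damage
 * is detected rather than prevented; a real libc would abort here instead of
 * handing a status back to the caller. */
static enum copy_result copy_check_before_return(const char *src, uintptr_t *ret_out)
{
    struct frame f = { {0}, CANARY_VALUE, FAKE_RET };
    smash_copy(&f, src);
    if (f.canary != CANARY_VALUE)
        return COPY_CORRUPTED;   /* never return into a smashed frame */
    if (ret_out)
        *ret_out = f.saved_ret;
    return COPY_OK;
}

/* Variant 2: bound the write so it cannot reach the control data at all.
 * A libc implementation would have to derive the limit from the saved frame
 * pointer; in this model the frame is explicit, so the limit is simply the
 * offset of the guard word. */
static enum copy_result copy_check_before_write(const char *src, uintptr_t *ret_out)
{
    struct frame f = { {0}, CANARY_VALUE, FAKE_RET };
    size_t n = strlen(src) + 1;
    size_t limit = offsetof(struct frame, canary);   /* bytes before control data */
    if (n > limit)
        return COPY_REFUSED;     /* the copy would overwrite control data */
    memcpy(f.buf, src, n);
    if (ret_out)
        *ret_out = f.saved_ret;
    return COPY_OK;
}

int main(void)
{
    /* Constructed inputs: one that fits in buf[], one that overflows it. */
    const char *ok  = "hello";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 30 bytes + NUL */
    uintptr_t ret = 0;

    printf("unchecked, short: return slot = 0x%lx\n", (unsigned long)copy_unchecked(ok));
    printf("unchecked, long : return slot = 0x%lx\n", (unsigned long)copy_unchecked(bad));
    printf("check-before-return, long: %d\n", copy_check_before_return(bad, &ret));
    printf("check-before-write,  long: %d\n", copy_check_before_write(bad, &ret));
    printf("check-before-write, short: %d (ret 0x%lx)\n",
           copy_check_before_write(ok, &ret), (unsigned long)ret);
    return 0;
}
```

The model makes the trade-off in the thread visible: the check-before-return variant costs a compare per call and still lets the overwrite happen (it converts a silent hijack into a detectable one), while the check-before-write variant prevents the write but needs a reliable way to find the frame boundary, which in a real libc is exactly the architecture-specific, assembler-level part that is hard to review and hard to test across the many strcpy() call sites of a program such as sendmail.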