From owner-freebsd-security Wed Aug 30 01:59:01 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id BAA19633 for security-outgoing; Wed, 30 Aug 1995 01:59:01 -0700 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id BAA19627 for ; Wed, 30 Aug 1995 01:58:58 -0700 Received: from corbin.Root.COM (corbin [198.145.90.34]) by Root.COM (8.6.12/8.6.5) with ESMTP id BAA20197; Wed, 30 Aug 1995 01:57:54 -0700 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.11/8.6.5) with SMTP id BAA04030; Wed, 30 Aug 1995 01:59:49 -0700 Message-Id: <199508300859.BAA04030@corbin.Root.COM> To: Poul-Henning Kamp cc: "Jonathan M. Bresler" , Bruce Evans , security@freebsd.org Subject: Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd) In-reply-to: Your message of "Wed, 30 Aug 95 00:40:04 PDT." <549.809768404@critter.tfs.com> From: David Greenman Reply-To: davidg@Root.COM Date: Wed, 30 Aug 1995 01:59:25 -0700 Sender: security-owner@freebsd.org Precedence: bulk >> the segment descriptors support the text (code) vs data >> identification. this would be a big win regarding security (and writing >> to wild pointers that hit your own code segment ;) > >Why didn't we think of that before ? > >I don't think I have ever seen a program execute anything in the datasegment, >so we should have little trouble with this... Umm, and how are you going to deal with shared libraries or other mapped files that you wish to execute? The best you could hope for would be to limit the code segment to below the stack (to prevent execution of stuff on the stack), but I don't think this would affect the recent syslog problem - wasn't the stack buffer allocated from the data segment? -DG