Date:      Wed, 30 Aug 1995 03:08:07 -0700
From:      Poul-Henning Kamp <phk@critter.tfs.com>
To:        davidg@Root.COM
Cc:        "Jonathan M. Bresler" <jmb@kryten.atinc.com>, Bruce Evans <bde@zeta.org.au>, security@freebsd.org
Subject:   Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 (fwd) 
Message-ID:  <1248.809777287@critter.tfs.com>
In-Reply-To: Your message of "Wed, 30 Aug 1995 01:59:25 PDT." <199508300859.BAA04030@corbin.Root.COM> 

> >> 	the segment descriptors support the text (code) vs data 
> >> identification.  this would be a big win regarding security (and writing 
> >> to wild pointers that hit your own code segment ;)
> >
> >Why didn't we think of that before ?
> >
> >I don't think I have ever seen a program execute anything in the
> >datasegment, so we should have little trouble with this...
> 
>    Umm, and how are you going to deal with shared libraries or other mapped
> files that you wish to execute? The best you could hope for would be to limit
> the code segment to below the stack (to prevent execution of stuff on the
> stack), but I don't think this would affect the recent syslog problem -
> wasn't the stack buffer allocated from the data segment?

Most of the trouble is in the code of the programs.
Most of the trouble happens with the stack.
The shlib loader could be modified to classify the pages as RO, RW, RX.

That would indeed cut out most of the trouble.

--
Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
Just that: dried leaves in boiling water ?
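
The RO/RW/RX page classification suggested in the message above, sketched as an added example; it is not part of the original e-mail and not FreeBSD's loader code. The segment tables, the 4096-byte page size and all names are assumptions made for illustration. It shows the case a loader has to handle: protection is per page, so a text and a data segment that share a page force that page to be writable and executable at once.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE 4096u                           /* assumed page size */
enum { P_R = 1, P_W = 2, P_X = 4 };          /* access a segment asks for */
enum page_class { PG_NONE, PG_RO, PG_RW, PG_RX, PG_WX_CONFLICT };
struct segment { const char *name; unsigned start, len, want; };

/* Constructed layouts of a hypothetical library (not taken from the thread). */
static const struct segment aligned_lib[] = {
    { "text",   0x0000, 0x2800, P_R | P_X },
    { "rodata", 0x3000, 0x0800, P_R },
    { "data",   0x4000, 0x1000, P_R | P_W },
};
static const struct segment packed_lib[] = {  /* data follows text directly */
    { "text",   0x0000, 0x2800, P_R | P_X },
    { "data",   0x2800, 0x1000, P_R | P_W },
};

static enum page_class classify(unsigned bits)
{
    if ((bits & P_W) && (bits & P_X)) return PG_WX_CONFLICT;
    if (bits & P_X) return PG_RX;
    if (bits & P_W) return PG_RW;
    return (bits & P_R) ? PG_RO : PG_NONE;
}

/* Union the access bits of every segment touching each page, then classify.
 * Returns how many pages would have to be writable and executable at once. */
static size_t classify_pages(const struct segment *s, size_t nseg,
                             enum page_class *out, size_t npages)
{
    size_t conflicts = 0;
    for (size_t p = 0; p < npages; p++) {
        unsigned lo = (unsigned)p * PAGE, hi = lo + PAGE, bits = 0;
        for (size_t i = 0; i < nseg; i++)
            if (s[i].len && s[i].start < hi && s[i].start + s[i].len > lo)
                bits |= s[i].want;
        out[p] = classify(bits);
        conflicts += (out[p] == PG_WX_CONFLICT);
    }
    return conflicts;
}

int main(void)
{
    static const char *names[] = { "--", "RO", "RW", "RX", "W+X conflict" };
    enum page_class pg[4];
    size_t bad = classify_pages(packed_lib, 2, pg, 4);
    for (size_t p = 0; p < 4; p++) printf("page %zu: %s\n", p, names[pg[p]]);
    printf("%zu page(s) need both write and execute\n", bad);
    return 0;
}
```

A loader that wants strict RO/RW/RX pages has to refuse or re-pad a layout like `packed_lib`; the page-aligned `aligned_lib` classifies cleanly.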