Insecure hardware (was Re: gets(3) nonsense)

Anton Rang rang at cpsin3.cps.msu.edu
Tue Nov 29 01:30:11 AEST 1988


One quick note here...

Chris Torek (chris at mimsy.UUCP), in article 14733 at mimsy.UUCP, writes:
>>In article <2330 at cbnews.ATT.COM> lvc at cbnews.ATT.COM (Lawrence V. Cipriani)
>>asks:
>>>Was the one of the reasons the two processor types were attacked
>>>because they would allow code to be executed in data space?

>(It is worth noting that the fingerd attack was applied only to VAXen.)

> [ stuff deleted ]

>Now, if the VAX hardware had refused to execute data pages---perhaps
>by refusing to execute any pages with user-write permission enabled---
>the worm could not have run code off the stack.

  VAX processors do have separate bits for read, write, and execute on
each page (I seem to vaguely recall one more).  The problem lies with
the implementation of BSD and Ultrix, which leave the stack
executable; I can't see any reason for this offhand.

+---------------------------+------------------------+----------------------+
| Anton Rang (grad student) | "UNIX: Just Say No!"   | "Do worry...be SAD!" |
| Michigan State University | rang at cpswh.cps.msu.edu |                      |
+---------------------------+------------------------+----------------------+



More information about the Comp.unix.wizards mailing list