Xref: utzoo comp.lang.c:14326 comp.unix.wizards:12921
Newsgroups: comp.lang.c,comp.unix.wizards
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Insecure hardware (was Re: gets(3) nonsense)
Message-ID: <1988Nov28.204018.2079@utzoo.uucp>
Organization: U of Toronto Zoology
References: <867@cernvax.UUCP> <645@quintus.UUCP> <339@igor.Rational.COM> <644@scotty.UUCP> <288@ispi.UUCP> <2330@cbnews.ATT.COM>
Date: Mon, 28 Nov 88 20:40:18 GMT

In article <2330@cbnews.ATT.COM> lvc@cbnews.ATT.COM (Lawrence V. Cipriani) writes:
>... To what extent can hardware be at fault?  Was one of the
>reasons the two processor types were attacked because they would allow
>code to be executed in data space?  Is this what happened?  Some other
>machines will produce a core dump if you pull this...

One should remember that dynamic code generation (necessarily into the
data space) followed by execution of the resulting code can be a very
valuable technique for things like interpreters.  One can finesse that
with a "change data to code" system call, but the system-call overhead
can hurt badly.
-- 
SunOSish, adj:  requiring      |     Henry Spencer at U of Toronto Zoology
32-bit bug numbers.            | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
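
The generate-then-execute sequence described in the post, as an added example that is not part of the original message. It assumes a modern POSIX system where mprotect(2) plays the role of the "change data to code" call (the post names no specific call); the function name jit_return_42 and the code bytes are constructed for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for a function that just returns 42. */
#if defined(__x86_64__)
static const uint8_t ret42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                 0xc3 };                        /* ret */
#elif defined(__aarch64__)
static const uint8_t ret42[] = { 0x40, 0x05, 0x80, 0x52,        /* mov w0, #42 */
                                 0xc0, 0x03, 0x5f, 0xd6 };      /* ret */
#else
#error "this example only carries code bytes for x86-64 and AArch64"
#endif

/* Hypothetical helper: returns the generated function's result, -1 on error. */
int jit_return_42(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);

    /* 1. Generate into data space: the page is writable but NOT executable. */
    uint8_t *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    memcpy(page, ret42, sizeof ret42);

    /* 2. "Change data to code": one system call drops write and adds execute,
     *    so the page is never writable and executable at the same time. */
    if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, len);
        return -1;
    }
    /* Needed on machines with separate instruction caches; no-op on x86. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof ret42);

    /* 3. Execute the generated code. */
    int (*fn)(void) = (int (*)(void))(uintptr_t)page;
    int result = fn();
    munmap(page, len);
    return result;
}

int main(void) { printf("%d\n", jit_return_42()); return 0; }
```

Step 2 is the per-generation cost the post refers to: an interpreter that emits many small fragments pays one such call each time it flips a page, which is why implementations batch generated code before changing protections.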