Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability

• To: www-security@ns2.rutgers.edu
• Subject: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• From: rdenny@netcom.com
• Date: Thu, 16 Feb 95 20:24:02 PST
• Reply-To: www-security@ns2.rutgers.edu

>And what do you suggest for a real OS? A real language? And how does a process
>efficiently pass variables to functions if it can't write to it's stack.

Right, but can the machine/OS be made to execute _code_ written into the
stack????

>A special dedicated stack - I don't see where this is a UNIX screw up.

No, separate instruction and data space (I&D space). It's been around
for many years. Later PDP-11 models had it, e.g.

  -- Bob

Robert B. Denny  PGP key via finger rdenny@netcom.com or most keyservers
+1 818 792 5656  Fprnt: C7 41 F1 81 A0 C3 3D 42  5D 9A 58 5F D2 E2 B4 FB

• Previous: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• Next: Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
• Index(es):
  • Index
  • Thread