Subject: Re: IPSEC still fails on BETA2/vax (not anymore!)
To: Olaf Seibert <rhialto@polderland.nl>
From: Steven M. Bellovin <smb@research.att.com>
List: port-vax
Date: 07/15/2002 08:14:53
In message <20020715010315.A6339@polderland.nl>, Olaf Seibert writes:


>I wonder if there would be some other
>clever solution. Why is the kernel stack in the U area anyway? Can't it
>just grow on the normal process stack? Perhaps the answer is in the
>Lions book, or The Design and Implementation Of 4.xBSD, but I don't
>recall it exactly. Maybe it has something to do with pageability of the
>user stack ISTR (after some thinking).

The user-space stack?  It's not trustable, may be badly formatted to =

start with, may not even be a stack.  And any sensitive kernel data
that appears on the stack -- keys, for example, in the ipsec case -- =

would have to be thoroughly scrubbed.

It might be possible to get this right -- but it would be very =

difficult, and I don't know that I'd trust the resulting system.
Don't go there.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)