Re: 3.0 wishlist Was: Overview of 2.2.x goals?

linux kernel account (linker@nightshade.z.ml.org)
Thu, 22 Jan 1998 13:47:48 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: linux kernel account: "Re: OFFTOPIC: (Re: 3.0 wishlist....)-->64bit"
Previous message: linux kernel account: "Re: 3.0 wishlist Was: Overview of 2.2.x goals?"

On Thu, 22 Jan 1998 ak@muc.de wrote:
> It has side effects. It needs an ugly special case to detect legitimate
> uses of stack code (e.g. gcc trampolines), which may fail with more
> obscure compilers or interpreters that do this. My point actually was
> only that the security improvement of this change is not as high as many
> think.

It doesn't have side effects if it's turned off.. :)

>
> > This is an imperfect world, and rejecting something because it isn't
> > perfect doesn't help. It won't *force* applications to be more
> > careful, which is what some may hope for.
>
> That is irrelevant, because it needs only a slight adaption by the
> exploit writers.

Absoulty Untrue. I offered cash, a few said they'd try. I got no
responce.. If it were that easy.. :)

A 'slight adaption' isn't always possible when you are trying to overflow
a buffer..

> >
> > "The point of locks on your house is not to stop burglars, but to make
> > it harder for them so that they try the next house down the street".
>
> "Using antibiotica carelessly harms more in the long run, because the
> bacteria becomes immune, so it won't work when you really need it"
> (OK, not 100% accurate)
>
Actually, 100% unrelated.
> -A.
>

Next message: linux kernel account: "Re: OFFTOPIC: (Re: 3.0 wishlist....)-->64bit"
Previous message: linux kernel account: "Re: 3.0 wishlist Was: Overview of 2.2.x goals?"