Date: Tue, 12 Aug 2003 04:40:11 -0700 (PDT) From: Jason Stone <freebsd-security@dfmm.org> To: security@freebsd.org Subject: RE: realpath(3) et al Message-ID: <20030812042912.V3417@walter> In-Reply-To: <004001c360c3$da6cf9d0$9f8d2ed5@internal> References: <004001c360c3$da6cf9d0$9f8d2ed5@internal>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Protecting against stack smashing is quite important; I think many > hosting environments not using LISP or other executable-stack-reliant > packages would benefit from this. By negating the ability to execute > injected code through a buffer overflow, security is highly increased. I think that this topic has come up before on the list - please check the archives before you get into it again. I think that the consensus has been something along the lines of, it would be nice, _but_: 1) It requires ugly tricks to implement on i386; 2) It does not canonically stop the exploitation of buffer overruns - yes, it stops the current attacks, but the underlying problem that an attacker can change the flow of program execution remains; 3) It would break a whole bunch of stuff. -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE/ONIbswXMWWtptckRAmeWAKCR0+gKO1TeBncCaIzGaz0OuIaEnwCgpe7u o6iRC44JMJe86lhPj7CqdEg= =ijiO -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030812042912.V3417>