From: Jeremy Jackson <jeremy.jackson@sympatico.ca>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Is this the ultimate stack-smash fix?
Date: Thu, 15 Feb 2001 10:32:39 -0500
Message-ID: <3A8BF697.D594237F@sympatico.ca>
In-Reply-To: <3A899FEB.D54ABBC7@sympatico.ca> <m1lmr98c5t.fsf@frodo.biederman.org> <3A8ADA30.2936D3B1@sympatico.ca> <m1hf1w8qea.fsf@frodo.biederman.org>

"Eric W. Biederman" wrote:

> Jeremy Jackson <jeremy.jackson@sympatico.ca> writes:
>
> > "Eric W. Biederman" wrote

> No.  I'm not talking about stack-guard patches.  I'm talking about bounds checking.

Sorry, I was quite incoherent.  Many others have pointed out that there exist
patches for non-executable stack, and the problems with it.  That's what I meant to
comment on.  But I'm glad to find out about bounds checking as an option.

> But the gcc bounds checking work is the ultimate buffer overflow fix.
> You can recompile all of your trusted applications, and libraries with
> it and be safe from one source of bugs.

That's why I was wondering of limiting privileged addresses security at a more
fundamental level... as you say above,
this fixes *ONE* source of bugs (security threats)... but isn't it inevitable that
there will be others?  But if services are each put
in a separate box, that doesn't have a door leading to the inner sanctum, things would
be more secure in spite of "bugs".

Well, I thank everyone for their responses in this thread. I think it's been beaten
into the ground (my original idea),
and I'm left with some food for thought.


