Re: about buffer overflow.

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Justin Pryzby <justinpryzby@users.sourceforge.net>
To: "Barry K. Nathan" <barryn@pobox.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: about buffer overflow.
Date: Mon, 19 May 2003 16:36:53 -0400	[thread overview]
Message-ID: <20030519203653.GA1718@andromeda> (raw)
In-Reply-To: <E19Hp05-0005FO-00@andromeda>

Check out [http://www.trusteddebian.org/].  They apply a bunch of kernel
patches like grsecurity.  Seems they have to recompile, repackage all
the .debs though.  

It is interesting to note that some of these patches introduce an
apparent non-determinism into userspace; the same inputs could result in
different outputs (the difference is that there are more inputs than
userspace can actually see).  So, maybe it could happen that you get a
segv from an off by 1, but when you rerun it, you can't reproduce it
because all the addresses are different.

In practice, this will eventually segv somewhere, and someone will find
the problem, but its something to consider.

Justin Pryzby

On Mon, May 19, 2003 at 02:22:00AM +0000, Barry K. Nathan wrote:
> 
> On Mon, May 19, 2003 at 03:00:47AM +0300, Halil Demirezen wrote:
> > yes that is interesting, however, what i want to learn, clearly, is
> > this patch available from 2.4.20-rc1 at every default linux kernel
> > from this moment on?
> ...
> BTW, another option is the pageexec ('PaX') patch:
> http://pageexec.virtualave.net/ (warning: this page has pop-up windows)
> 
> and that's integrated into a more comprehensive security patch,
> grsecurity:
> http://www.grsecurity.net/
> 
> -Barry K. Nathan <barryn@pobox.com>

next      parent reply	other threads:[~2003-05-19 20:27 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <E19Hp05-0005FO-00@andromeda>
2003-05-19 20:36 ` Justin Pryzby [this message]
2003-05-18 22:27 about buffer overflow Halil Demirezen
2003-05-18 23:11 ` aradorlinux
2003-05-19  0:00   ` Halil Demirezen
2003-05-19  6:22     ` Barry K. Nathan
2003-05-18 23:15 ` Felipe Alfaro Solana

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030519203653.GA1718@andromeda \
    --to=justinpryzby@users.sourceforge.net \
    --cc=barryn@pobox.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox