From: Jeremy Jackson <jeremy.jackson@sympatico.ca>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Is this the ultimate stack-smash fix?
Date: Thu, 15 Feb 2001 10:32:39 -0500 [thread overview]
Message-ID: <3A8BF697.D594237F@sympatico.ca> (raw)
In-Reply-To: <3A899FEB.D54ABBC7@sympatico.ca> <m1lmr98c5t.fsf@frodo.biederman.org> <3A8ADA30.2936D3B1@sympatico.ca> <m1hf1w8qea.fsf@frodo.biederman.org>
"Eric W. Biederman" wrote:
> Jeremy Jackson <jeremy.jackson@sympatico.ca> writes:
>
> > "Eric W. Biederman" wrote
> No. I'm not talking about stack-guard patches. I'm talking about bounds checking.
Sorry, I was quite incoherent. Many others have pointed out that there exist
patches for non-executatble stack, and the problems with it. That's what I meant to
comment on. But I'm glad to find out about bounds checking as an option.
> But the gcc bounds checking work is the ultimate buffer overflow fix.
> You can recompile all of your trusted applications, and libraries with
> it and be safe from one source of bugs.
That's why I was wondering of limiting privileged addresses security at a more
fundamental level... as you say above,
this fixes *ONE* source of bugs(security threats)... but itn't it inevitable that
there will be others? But if services are each put
in a separate box, that doesn't have a door leading to the inner sanctum, things would
be more secure in spite of "bugs".
Well I thank everyone for their responses in this thread, I think It's been beaten
into the ground (my original idea),
and I'm left with some food for thought.
next prev parent reply other threads:[~2001-02-15 15:38 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-13 20:58 Is this the ultimate stack-smash fix? Jeremy Jackson
2001-02-13 21:06 ` Alan Cox
2001-02-13 21:22 ` James Sutherland
2001-02-13 23:04 ` Bruce Harada
2001-02-13 23:14 ` William T Wilson
2001-02-14 16:25 ` Eric W. Biederman
2001-02-14 19:19 ` Jeremy Jackson
2001-02-14 20:43 ` Gerhard Mack
2001-02-15 5:30 ` Eric W. Biederman
2001-02-15 15:29 ` Manfred Spraul
2001-02-15 16:00 ` Eric W. Biederman
2001-02-17 14:43 ` Peter Samuelson
2001-02-18 4:53 ` Eric W. Biederman
2001-02-20 1:10 ` Andreas Bombe
2001-02-20 9:09 ` Xavier Bestel
2001-02-20 16:40 ` Jeremy Jackson
2001-02-20 17:04 ` Xavier Bestel
2001-02-21 0:13 ` Andreas Bombe
2001-02-21 9:30 ` Xavier Bestel
2001-02-15 15:32 ` Jeremy Jackson [this message]
2001-02-17 10:47 ` Florian Weimer
2001-02-17 20:32 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3A8BF697.D594237F@sympatico.ca \
--to=jeremy.jackson@sympatico.ca \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox