Date: Thu, 20 Jun 2002 23:57:21 -0700 (PDT) From: Lamont Granquist <lamont@scriptkiddie.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Patrick Thomas <root@utility.clubscholarship.com>, <freebsd-hackers@freebsd.org> Subject: Re: inuring FreeBSD to the apache bug without upgrading apache ? Message-ID: <20020620235248.L567-100000@coredump.scriptkiddie.org> In-Reply-To: <20020620192839.A72755@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I think that libsafe would "protect" against this bug to at least prevent against any possible malicious code execution. I think it still leaves the DoS possibility open though... Even some kind of non-exec stack protection patched into FBSD would only generate a SEGV if it got triggered[*]. Very hard to stop the DoS. [*] and yes does nothing to prevent against malicious code execution attacks on x86 architecture either, only obscures... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620235248.L567-100000>