From owner-freebsd-security  Wed Nov  3  6: 8: 1 1999
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
	by hub.freebsd.org (Postfix) with ESMTP id 444F8155B7
	for <freebsd-security@FreeBSD.ORG>; Wed,  3 Nov 1999 06:07:57 -0800 (PST)
	(envelope-from danderse@faith.cs.utah.edu)
Received: (from danderse@localhost)
	by faith.cs.utah.edu (8.9.3/8.9.3) id GAA22340;
	Wed, 3 Nov 1999 06:58:09 -0700 (MST)
From: David G Andersen <danderse@cs.utah.edu>
Message-Id: <199911031358.GAA22340@faith.cs.utah.edu>
Subject: Re: stack protecting
To: andre@sun4c.net (Andre Gironda)
Date: Wed, 3 Nov 1999 06:58:09 -0700 (MST)
Cc: frank@hellbell.agava.ru, freebsd-security@FreeBSD.ORG
In-Reply-To: <19991103012048.A18803@toaster.sun4c.net> from "Andre Gironda" at Nov 3, 99 01:20:48 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Lo and behold, Andre Gironda once said:
> 
> 
> Stack protection doesn't work as there are still heap overflows and
> race conditions.  it's best to apply TPE patches (Phrack, Issue 52/54),
> like originally implemented on upt.org.  Or write perfect code ;>

   While I agree with you that it's not a perfect solution, isn't that
like saying that using a car alarm isn't a good idea, even though it will
prevent 50% of the breakins to your car?

   Defense in depth *is* a good idea.  Stackguard and like products can
help quite a bit with this.

   Now, given that, Stackguard doesn't support FreeBSD. :)

   -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message