From owner-freebsd-security Wed Nov 3 6: 8: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108]) by hub.freebsd.org (Postfix) with ESMTP id 444F8155B7 for ; Wed, 3 Nov 1999 06:07:57 -0800 (PST) (envelope-from danderse@faith.cs.utah.edu) Received: (from danderse@localhost) by faith.cs.utah.edu (8.9.3/8.9.3) id GAA22340; Wed, 3 Nov 1999 06:58:09 -0700 (MST) From: David G Andersen Message-Id: <199911031358.GAA22340@faith.cs.utah.edu> Subject: Re: stack protecting To: andre@sun4c.net (Andre Gironda) Date: Wed, 3 Nov 1999 06:58:09 -0700 (MST) Cc: frank@hellbell.agava.ru, freebsd-security@FreeBSD.ORG In-Reply-To: <19991103012048.A18803@toaster.sun4c.net> from "Andre Gironda" at Nov 3, 99 01:20:48 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Lo and behold, Andre Gironda once said: > > > Stack protection doesn't work as there are still heap overflows and > race conditions. it's best to apply TPE patches (Phrack, Issue 52/54), > like originally implemented on upt.org. Or write perfect code ;> While I agree with you that it's not a perfect solution, isn't that like saying that using a car alarm isn't a good idea, even though it will prevent 50% of the breakins to your car? Defense in depth *is* a good idea. Stackguard and like products can help quite a bit with this. Now, given that, Stackguard doesn't support FreeBSD. :) -Dave -- work: dga@lcs.mit.edu me: dga@pobox.com MIT Laboratory for Computer Science http://www.angio.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message