Date:      Wed, 3 Nov 1999 09:00:03 -0800
From:      Andre Gironda <andre@sun4c.net>
To:        David G Andersen <danderse@cs.utah.edu>
Cc:        Andre Gironda <andre@sun4c.net>, frank@hellbell.agava.ru, freebsd-security@FreeBSD.ORG
Subject:   Re: stack protecting
Message-ID:  <19991103090003.B18803@toaster.sun4c.net>
In-Reply-To: <199911031358.GAA22340@faith.cs.utah.edu>; from David G Andersen on Wed, Nov 03, 1999 at 06:58:09AM -0700
References:  <19991103012048.A18803@toaster.sun4c.net> <199911031358.GAA22340@faith.cs.utah.edu>


On Wed, Nov 03, 1999 at 06:58:09AM -0700, David G Andersen wrote:
> Lo and behold, Andre Gironda once said:
> > 
> > Stack protection doesn't work as there are still heap overflows and
> race conditions.  It's best to apply TPE patches (Phrack, Issue 52/54),
> > like originally implemented on upt.org.  Or write perfect code ;>
> 
>    While I agree with you that it's not a perfect solution, isn't that
> like saying that using a car alarm isn't a good idea, even though it will
> prevent 50% of the breakins to your car?
> 
>    Defense in depth *is* a good idea.  Stackguard and like products can
> help quite a bit with this.

I wouldn't go around toting car alarms or Stackguard for full protection,
that's all. ;>  And I really doubt in either case you prevent 50% of
breakins.  There is a LOT of material available that explains the inner-
workings of heap overflows.   There is a lot of generated code that aids
a person with exploiting heap overflows.  They are readily available just like
stack overflow exploit scripts are readily available.

If you can find a way to stack protect FreeBSD, go for it, I say.  But it's
not going to solve every problem.

dre


