Date: Sat, 18 Nov 2000 00:03:50 +0100
From: "Andreas Alderud" <aaldv97@student.vxu.se>
To: <security@FreeBSD.ORG>
Subject: Re: FYI: Propolice for gcc-2.95.2
Message-ID: <001e01c050ea$a5f32a80$8e00a8c0@XGod>

Mike Silbersack <silby@silby.com> wrote:
>MAC and stack-smashing protection are certainly not mutually
>exclusive. Even if the base system is configured with strong access
>barriers to compromised programs, there is still lesser mischief
>that can be performed.

Hardly needed, look at VMS for example, what is needed is more layers, not
just user and god (i.e. root).
Besides, getting past the stack guards in programs isn't much harder than
writing an ordinary exploit, though a bit different.

>Additionally, it's very likely that people will still install wu-ftpd,
>qpopper, imapd, etc from ports. None of trustedbsd's features will help
>when confronted with the default behavior of these programs. Stack
>protection, on the other hand, would have prevented a good amount of the
>past bugs in these programs, and will likely continue to be a good
>protection method.

Good for debugging, but an exploit is quite more than just an ordinary
overflow.
I welcome it as a developer debugging feature in 5.x, and as a security
hardening feature in 4.x.

/Kind regards,
David A. Alderud