From owner-freebsd-chat@FreeBSD.ORG  Wed Jun 30 14:01:20 2004
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4201416A4CF
	for <freebsd-chat@freebsd.org>; Wed, 30 Jun 2004 14:01:20 +0000 (GMT)
Received: from web21001.mail.yahoo.com (web21001.mail.yahoo.com
	[216.136.227.55])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0BBDD43D46
	for <freebsd-chat@freebsd.org>; Wed, 30 Jun 2004 14:01:20 +0000 (GMT)
	(envelope-from vthorma@yahoo.com)
Message-ID: <20040630140044.78387.qmail@web21001.mail.yahoo.com>
Received: from [141.76.1.122] by web21001.mail.yahoo.com via HTTP;
	Wed, 30 Jun 2004 07:00:44 PDT
Date: Wed, 30 Jun 2004 07:00:44 -0700 (PDT)
From: von thorma <vthorma@yahoo.com>
To: naddy@mips.inka.de
In-Reply-To: <40E2BF20.9060607@ofdengineering.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: freebsd-chat@freebsd.org
Subject: Random stack
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jun 2004 14:01:20 -0000


> > Is this the right way to go?  We're adding more
> bloat while openbsd is 
> > cleaning itself and reworking kernal memory
> allocation to make exploits 
>                       
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > near impossible.
>    ^^^^^^^^^^^^^^^
> 
> Er, what?

They have randomized the location in memory where the
software will place the stack by adding a randomly
sized gap at the top of the stack. Next, they altered
the way addresses are stored within the stack and
added a way to detect attacks on the stack. They did
this by putting buffers closer to the return addresses
in the stack, resulting in lower flags and pointers,
making them harder for a hacker to hit. The attack
detection was accomplished by adding a “canary” that
will indicate whether any addresses have been altered.

They also broke main memory into two pieces. The first
one is devoted to executing code and the second one is
isolated as a writable section. The assignment of all
pages to one section or another means that no page
will be both writable and executable at the same time.


> 
> -- 
> Christian "naddy" Weisgerber                        
>  naddy@mips.inka.de
> 
> _______________________________________________
> freebsd-chat@freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-chat
> To unsubscribe, send any mail to
> "freebsd-chat-unsubscribe@freebsd.org"





		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail