Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 20 Jun 2002 23:57:21 -0700 (PDT)
From:      Lamont Granquist <lamont@scriptkiddie.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Patrick Thomas <root@utility.clubscholarship.com>, <freebsd-hackers@freebsd.org>
Subject:   Re: inuring FreeBSD to the apache bug without upgrading apache ?
Message-ID:  <20020620235248.L567-100000@coredump.scriptkiddie.org>
In-Reply-To: <20020620192839.A72755@xor.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help

I think that libsafe would "protect" against this bug to at least prevent
against any possible malicious code execution.  I think it still leaves
the DoS possibility open though...  Even some kind of non-exec stack
protection patched into FBSD would only generate a SEGV if it got
triggered[*].  Very hard to stop the DoS.

[*] and yes does nothing to prevent against malicious code execution
attacks on x86 architecture either, only obscures...


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620235248.L567-100000>