Re: Is this the ultimate stack-smash fix?

From: Jeremy Jackson (jeremy.jackson@sympatico.ca)
Date: Thu Feb 15 2001 - 10:32:39 EST


"Eric W. Biederman" wrote:

> Jeremy Jackson <jeremy.jackson@sympatico.ca> writes:
>
> > "Eric W. Biederman" wrote

> No. I'm not talking about stack-guard patches. I'm talking about bounds checking.

Sorry, I was quite incoherent. Many others have pointed out that there exist
patches for non-executatble stack, and the problems with it. That's what I meant to
comment on. But I'm glad to find out about bounds checking as an option.

> But the gcc bounds checking work is the ultimate buffer overflow fix.
> You can recompile all of your trusted applications, and libraries with
> it and be safe from one source of bugs.

That's why I was wondering of limiting privileged addresses security at a more
fundamental level... as you say above,
this fixes *ONE* source of bugs(security threats)... but itn't it inevitable that
there will be others? But if services are each put
in a separate box, that doesn't have a door leading to the inner sanctum, things would
be more secure in spite of "bugs".

Well I thank everyone for their responses in this thread, I think It's been beaten
into the ground (my original idea),
and I'm left with some food for thought.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu Feb 15 2001 - 21:00:26 EST