Re: Unexecutable Stack / Buffer Overflow Exploits...

Dan Hollis (goemon@sasami.anime.net)
Thu, 30 Dec 1999 17:46:45 -0800 (PST)


On Thu, 30 Dec 1999, Theodore Y. Ts'o wrote:
> In any case, I suspect that if something randomly added some random
> value between 0 and 128k to the stack pointer at startup time, it would
> also go a fairly long way towards thwarting overrun attacks --- but make
> no mistake, it's still only papering over the problem.

But is "it won't work 100% of the time" a good enough reason to discard the
idea out of hand entirely? The fact we can't raise the bar infinitely high
means we shouldn't raise it even a little?

If that's the argument being put forth, then we might as well apply the
exact same argument to crypto and discard IDEA, PGP, RSA, etc. since none of
those are 100% of the time either (just very very hard).

-Dan
