[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: our recent security stuff

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: our recent security stuff
From: "Darren Reed" <darrenr_(_at_)_netbsd_(_dot_)_org>
Date: 3 Feb 2003 14:38:25 -0000

> The most amazing thing about this new buffer overflow stuff is that it
> appears noone in any other project has commented on it in a public
> mailing list anywhere.  Eerie silence.

It's probably because the only new thing that's interesting (the
.rodata ELF section usage) got drowned out by other points you
are advertising and everyone is sick of hearing about read-only
stack protection.

> I don't know about how you guys view that, but to me it is pretty
> depressing that none of these other projects (or their users) see the
> impact and import of these changes; that indicates a large lack of
> vision.

Or their vision is different to yours or maybe they're solving the
same problems in a different manner with less publicity and hoopla.

> The interesting side of ProPolice is that it will, once we ship 3.3,
...

Have you found out whether or not ProPolice infinges any patents ?
There's an IBM patent (pending, I believe) that I've heard mention
specifies the mechanism that ProPolice uses.  Publication and
application dates could be important.  If you don't know about it,
sorry, I can't provide any more information on it as its gone from
my memory.

btw, I'm told a US-III PDF recently appeared on Sun's web site.
Don't know if it covers MMU things or if it needs to.

Prev by Date: Re: Removing data in a secure manner?
Next by Date: tty, TIOCM_ST, TIOCM_SR
Previous by thread: Re: our recent security stuff
Next by thread: Re: our recent security stuff
Index(es):
- Date
- Thread

Visit your host, monkey.org