realpath(3) et al
Jason Stone
freebsd-security at dfmm.org
Tue Aug 12 04:40:16 PDT 2003
> Protecting against stack smashing is quite important; I think many
> hosting environments not using LISP or other executable-stack-reliant
> packages would benefit from this. By negating the ability to execute
> injected code through a buffer overflow, security is highly increased.

I think that this topic has come up before on the list - please check the
archives before you get into it again.

I think that the consensus has been something along the lines of, it would
be nice, _but_:

1) It requires ugly tricks to implement on i386;

2) It does not canonically stop the exploitation of buffer overruns -
yes, it stops the current attacks, but the underlying problem that an
attacker can change the flow of program execution remains;

3) It would break a whole bunch of stuff.

-Jason
--------------------------------------------------------------------------
Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
that he was insufficiently fondled when he was an infant.
-- Ashley Montagu