Re: propolice



On Mon, Dec 02, 2002 at 02:47:38AM -0700, Theo de Raadt wrote:
> > (I guess my antipathy to "bolt-on" security is well known. Didn't we have an
> > argument about this about a year ago? At the time you rejected putting
> > buffer-overflow protection into a compiler because "it would break too
> > much". Fine, but why add an insecure/ineffective feature if you've changed
> > your mind?)
> 
> Nothing at the time was sufficient to the task.
> 
> Go read the damn propolice paper, and see what existed at the time.
> 
> I'll give you a hint:
> 
> 	All the world is an i386.

Another hint:  does the hardware know what is executable and what is
data?  Is there any way to tell the hardware this page/segment/bank is
executable? 

Thanks for all the work to have propolice.
ASAP I'll try it.