Re: propolice
On Mon, 2 Dec 2002, Peter Varga wrote:
> On Mon, Dec 02, 2002 at 02:47:38AM -0700, Theo de Raadt wrote:
> > > (I guess my antipathy to "bolt-on" security is well known. Didn't we have an
> > > argument about this about a year ago? At the time you rejected putting
> > > buffer-overflow protection into a compiler because "it would break too
> > > much". Fine, but why add an insecure/ineffective feature if you've changed
> > > your mind?)
> >
> > Nothing at the time was sufficient to the task.
> >
> > Go read the damn propolice paper, and see what existed at the time.
> >
> > I'll give you a hint:
> >
> > All the world is an i386.
>
> Another hint: does the hardware know what is executable and what is
> data? Is there any way to tell the hardware this page/segment/bank is
> executable?

Yes, since 3.2 OpenBSD has a non-executable stack on i386, sparc, sparc64,
alpha, powerpc and no-exec heap and bss on sparc, sparc64, and alpha.

Cheers,
Dries
--
Dries Schellekens
email: gwyllion@ulyssis.org