Re: propolice



On Mon, Dec 02, 2002 at 08:42:49PM +0100, Dries Schellekens wrote:
> On Mon, 2 Dec 2002, Peter Varga wrote:
> 
> > On Mon, Dec 02, 2002 at 02:47:38AM -0700, Theo de Raadt wrote:
> > > > (I guess my antipathy to "bolt-on" security is well known. Didn't we have an
> > > > argument about this about a year ago? At the time you rejected putting
> > > > buffer-overflow protection into a compiler because "it would break too
> > > > much". Fine, but why add an insecure/ineffective feature if you've changed
> > > > your mind?)
> > >
> > > Nothing at the time was sufficient to the task.
> > >
> > > Go read the damn propolice paper, and see what existed at the time.
> > >
> > > I'll give you a hint:
> > >
> > > 	All the world is an i386.
> >
> > Another hint:  does the hardware know what is executable and what is
> > data?  Is there any way to tell the hardware this page/segment/bank is
> > executable?
> 
> Yes, since 3.2 OpenBSD has a non-executable stack on i386, sparc, sparc64,
> alpha, powerpc and no-exec heap and bss on sparc, sparc64, and alpha.

I am fondly aware of that.  Let me be more clear.
Is there any way to tell the hardware what is executable and will it
cause a sigsegv?

> 
> 
> Cheers,
> 
> Dries
> -- 
> Dries Schellekens
> email: gwyllion@ulyssis.org