Re: Secure 2.4.x kernel

To: Gary MacDougall <gary@freeportweb.com>
Cc: Matthew Sackman <matthew@sackman.co.uk>, debian-security@lists.debian.org
Subject: Re: Secure 2.4.x kernel
From: Tom Marshall <tmarshall@real.com>
Date: Sat, 22 Dec 2001 10:00:26 -0800
Message-id: <[🔎] 20011222180026.GA2647@real.com>
In-reply-to: <[🔎] ADECINAPILIIOCDLADFDCEADCMAA.gary@freeportweb.com>
References: <[🔎] 20011221200105.A2678@sackman.co.uk> <[🔎] ADECINAPILIIOCDLADFDCEADCMAA.gary@freeportweb.com>

On Fri, Dec 21, 2001 at 03:25:04PM -0500, Gary MacDougall wrote:
> Hmmm I don't buy that this *couldn't* be done on the Intel.
> I might be overstepping my knowledge, but I'm sure there
> *must* be a way.

The first method that comes to mind is making the stack segment
non-executable.  IIRC, this is not supported by the x86.  It's a real shame,
because that would immediately stop about 99.9% of all buffer overrun
exploits.

-- 
Absurdity, n.: A statement or belief manifestly inconsistent with one's own
opinion.
        -- Ambrose Bierce, "The Devil's Dictionary"

Reply to:

References:
- Re: Secure 2.4.x kernel
  - From: matthew@sackman.co.uk (Matthew Sackman)
- RE: Secure 2.4.x kernel
  - From: "Gary MacDougall" <gary@freeportweb.com>

Prev by Date: kernel-modul compile/install
Next by Date: Re: Secure 2.4.x kernel
Previous by thread: RE: Secure 2.4.x kernel
Next by thread: Re: Secure 2.4.x kernel
Index(es):
- Date
- Thread