Firewall Wizards mailing list archives

Re: Here is my plan for firewall implementation


From: Adam Shostack <adam () homeport org>
Date: Mon, 22 Sep 1997 13:37:58 -0400 (EDT)

Joseph S. D. Yao wrote:
| > this takes more kernel expertise than I have) is
| > modifications to the memory management to make
| > stack space protected so it's not executable. When
| > someone tries to hit a buffer overrun, *poof* instant
| > SIGSEGV.

| Of the hardware architectures I just glanced at, it appears that the
| Alpha and HP-PA allow this, the x86 and MIPS and possibly the Sparc do
| not.  Software implementations slow the system down, unforgivable to

Casper Dik has posted a tool to Bugtraq to turn off stack
executability on Sparcs.  It invalidates the standard egg, but there
may be ways around it.  (If a user can overwrite arbitrary memory, he
can probably do arbitrary things.)  The 'correct' solution is to
implement your code well.  BSDI encourages this by having unsafe
function calls print "This program uses gets(), which is unsafe" on
startup.

Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
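The point Adam makes above is that a non-executable stack only changes what an overrun can do; the defect is the unbounded read itself, which is why BSDI flags gets(). As an added example (not from this post, the BSDI warning, or Casper Dik's tool), here is a bounded line reader that replaces gets(), together with a driver over a constructed in-memory stream. The enum names, read_line_bounded and scan_lines are assumptions chosen for this illustration. It also handles the edge case that fgets() alone gets wrong: when a line is longer than the buffer, the leftover bytes stay in the stream and would otherwise be read as the "next" line.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() in the demo driver */
#endif
#include <stdio.h>
#include <string.h>

/* Outcome of one bounded read (hypothetical names for this example). */
enum line_status { LINE_OK = 0, LINE_TRUNCATED = 1, LINE_EOF = 2 };

/*
 * Bounded replacement for gets(): reads at most n-1 bytes of one line into
 * buf, strips the trailing newline, and reports whether the line had to be
 * cut.  Unlike a bare fgets(), the remainder of an overlong line is consumed
 * so the following call starts at the next real line instead of leftover
 * bytes, which is the usual way truncation silently turns into parsing bugs.
 */
enum line_status read_line_bounded(char *buf, size_t n, FILE *in)
{
    if (n < 2)                     /* no room for even one byte + NUL */
        return LINE_EOF;
    if (fgets(buf, (int)n, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';       /* whole line fit; drop the newline */
        return LINE_OK;
    }
    /* No newline in buf: either the buffer filled up, or this is a final
       line with no newline.  Peek one byte to tell the two apart. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')     /* line fit exactly, or unterminated EOF */
        return LINE_OK;
    while (c != '\n' && c != EOF)  /* discard the rest of the overlong line */
        c = fgetc(in);
    return LINE_TRUNCATED;
}

/*
 * Demo driver over a constructed in-memory stream (input is made up for
 * the example).  Returns the number of lines read, stores how many were
 * truncated in *truncated, and copies the last line read into last.
 */
int scan_lines(const char *input, size_t bufsz, int *truncated,
               char *last, size_t lastsz)
{
    char buf[256];
    if (bufsz > sizeof buf)
        bufsz = sizeof buf;
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL)
        return -1;
    int lines = 0;
    *truncated = 0;
    last[0] = '\0';
    enum line_status st;
    while ((st = read_line_bounded(buf, bufsz, in)) != LINE_EOF) {
        lines++;
        if (st == LINE_TRUNCATED)
            (*truncated)++;
        snprintf(last, lastsz, "%s", buf);
    }
    fclose(in);
    return lines;
}

/* Stand-alone use: read stdin with a small buffer and report cut lines. */
int main(void)
{
    char buf[16];
    enum line_status st;
    while ((st = read_line_bounded(buf, sizeof buf, stdin)) != LINE_EOF)
        printf("%s%s\n", buf, st == LINE_TRUNCATED ? " [truncated]" : "");
    return 0;
}
```

The driver runs the reader with a 16-byte buffer over three constructed lines, one of them 40 bytes long; the overlong line is reported as truncated and the line after it is still read intact rather than as a fragment of leftover bytes.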