Firewall Wizards mailing list archives
Re: Here is my plan for firewall implementation
From: Adam Shostack <adam () homeport org>
Date: Mon, 22 Sep 1997 13:37:58 -0400 (EDT)
Joseph S. D. Yao wrote: | > this takes more kernel expertise than I have) is | > modifications to the memory management to make | > stack space protected so it's not executable. When | > someone tries to hit a buffer overrun, *poof* instant | > SIGSEGV. | Of the hardware architectures I just glanced at, it appears that the | Alpha and HP-PA allow this, the x86 and MIPS and possibly the Sparc do | not. Software implementations slow the system down, unforgivable to Casper Dik has posted a tool to Bugtraq to turn off stack executability on Sparcs. It invalidates the standard egg, but there may be ways around it. (If a user can overwrite arbitrary memory, he can probably do arbitrary things. The 'correct' solution is to implement your code well. BSDI encourages this by having unsafe function calls print "This program uses gets(), which is unsafe" on startup. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- Here is my plan for firewall implementation Jim Raykowski (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Jyri Kaljundi (Sep 21)
- Re: Here is my plan for firewall implementation Bennett Todd (Sep 22)
- Re: Here is my plan for firewall implementation Jyri Kaljundi (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Craig Brozefsky (Sep 22)
- NCSA's RECON Service Adept (Sep 22)
- Re: Here is my plan for firewall implementation Joseph S. D. Yao (Sep 22)
- Re: Here is my plan for firewall implementation Adam Shostack (Sep 22)
- Re: Here is my plan for firewall implementation Paul D. Robertson (Sep 23)
- Re: Here is my plan for firewall implementation Alfred Huger (Sep 24)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- Re: Here is my plan for firewall implementation Marcus J. Ranum (Sep 21)
- <Possible follow-ups>
- Re: Here is my plan for firewall implementation See, Matthew (Sep 22)
- Re: Here is my plan for firewall implementation Peter Jeremy (Sep 22)
- RE: Here is my plan for firewall implementation Tong, Aaron (Sep 23)
- RE: Here is my plan for firewall implementation Jim Raykowski (Sep 26)