Firewall Wizards mailing list archives

Re: Here is my plan for firewall implementation


From: Peter Jeremy <peter.jeremy () alcatel com au>
Date: Tue, 23 Sep 1997 06:51:35 +1000 (EST)

On Mon, 22 Sep 1997 12:01:57 -0400 (EDT), "Joseph S. D. Yao"
<jsdy () cospo osis gov> wrote:
[MJR's suggestion re non-executable stack]
> possibly the Sparc do[es] not.
Actually, most SPARCs can.  Casper Dik <Casper.Dik () Holland Sun COM>
posted some code to BUGTRAQ in November 1996 for Solaris 2.4/2.5/2.5.1
on sun4m and sun4u architectures (although it doesn't work on the
sun4c).  (It patches 1 word and 1 half-word).

Keep in mind that a non-executable stack _will_ break code, although
this is probably not a major issue on a firewall.  The problems I am
aware of are:
1) GCC trampolines (used for nested functions from memory)
2) Interleaf Tool Manager (which you'd better not be running on your
   firewall in any case).

> Software implementations slow the system down, unforgivable to
> the Marketing departments [;-)].
Given that the slow-down is measured in orders of magnitude, I suspect
the engineers wouldn't like it either. :-)

Peter
--
Peter Jeremy (VK2PJ)                    peter.jeremy () alcatel com au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247
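
The GCC trampoline case named in the message above, as an added example that is not part of the original post: a nested function whose address is passed to a callback, beside a rewrite that passes its context explicitly and so needs no code on the stack. All function names and the sample data are hypothetical; the nested form assumes GCC with its default stack-based trampolines, and other compilers fall back to the portable form.

```c
#include <stddef.h>
#include <stdio.h>

const int SAMPLE[] = { 1, 2, 3 };   /* constructed sample input */

/* Hypothetical helper: apply cb to each element and sum the results. */
long sum_map(const int *v, size_t n, int (*cb)(int))
{
    long total = 0;
    for (size_t i = 0; i < n; i++)
        total += cb(v[i]);
    return total;
}

/* Same helper, but the callback receives an explicit context pointer. */
long sum_map_ctx(const int *v, size_t n, int (*cb)(int, void *), void *ctx)
{
    long total = 0;
    for (size_t i = 0; i < n; i++)
        total += cb(v[i], ctx);
    return total;
}

static int add_offset_ctx(int x, void *ctx) { return x + *(int *)ctx; }

/* Trampoline-free form: nothing on the stack is ever executed. */
long sum_with_offset_portable(const int *v, size_t n, int offset)
{
    return sum_map_ctx(v, n, add_offset_ctx, &offset);
}

long sum_with_offset_nested(const int *v, size_t n, int offset)
{
#if defined(__GNUC__) && !defined(__clang__)
    /* GCC extension: add_offset reads `offset` from the enclosing frame.
     * Taking its address makes GCC write a trampoline (a short code stub)
     * into this stack frame; sum_map then jumps to that stub. */
    int add_offset(int x) { return x + offset; }
    return sum_map(v, n, add_offset);
#else
    return sum_with_offset_portable(v, n, offset); /* no nested functions */
#endif
}

int main(void)
{
    printf("nested:   %ld\n", sum_with_offset_nested(SAMPLE, 3, 10));
    printf("portable: %ld\n", sum_with_offset_portable(SAMPLE, 3, 10));
    return 0;
}
```

If the stack is made non-executable, the call through the trampoline in the nested form faults, while the portable form is unaffected.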


