Full Disclosure mailing list archives

Re: Re: Buffer overflow prevention


From: Valdis.Kletnieks () vt edu
Date: Wed, 20 Aug 2003 09:07:08 -0400

On Wed, 20 Aug 2003 09:31:24 +0200, Peter Busser <peter () trusteddebian org> said:

> And another is that performance is more important than security in the Linux
> world. Even though most servers and desktops are more than 90% idle and CPU
> cycles have never been so cheap. Still, it seems that none of this wealth
> should be spent to improve security somewhat.

I'd like to know where you get the funding to have all your servers at 90% idle.

Most of us have servers where 90% busy is the normal condition.

Other than that, Peter is pretty much on target - although I'm not sure if the RedHat
issue with "NIH" patches is really that, or a question of intrusive code in the kernel
(I'd have to look at both patches - the RedHat one was pretty intrusive, but looked
like low-overhead at run time once the gcc and ld hooks were incorporated to handle
auto-flagging of trampolines...)
