Re: Buffer overflow prevention

[Theo de Raadt <deraadt () cvs openbsd org>]

> pros and cons of the two ? 
> i think the comparison should be like "how much more does wOpenBSD lacks 
> compared to PAX ?"
>
> he might try to mean whatever but there is one thing obvious which is best 
> known as "rip-off"
>
> i think you should read this instead:
> http://archives.neohapsis.com/archives/openbsd/2003-04/1681.html
>
> - noir
>
> w as in http://stargliders.org/phrack/mmhs.jpg

I have made it clear many times that W^X inside OpenBSD came into
being without me even being aware of PAX.

I may have stumbled past HAL2001 on my way from IETF in London to
Usenix Security in DC, but I never went to any of the talks there, and
I do not recall ever talking to anyone about anything in any way like
W^X.  I spent most of the time talking with European OpenBSD
developers and Solar Designer, and do not recall any topics about
protecting the address space ever coming up.  Almost a year later, we
started working on W^X.  We started on non-i386 machines like the
sparc and alpha because at the time we could not think of a way of
doing i386 W^X.

If we had been aware of PAX as you claim, why would we have thought
that i386 solutions were impossible?

There is only one thing I have found the various PAX people to have in
common; they are very persistant at calling other people liars.  Can
you people please grow up?