Re: Buffer overflow prevention

[Peter Busser <peter () trusteddebian org>]

On Mon, Aug 18, 2003 at 03:31:11PM -0600, Theo de Raadt wrote:
> > > If we had been aware of PAX as you claim, why would we have thought
> > > that i386 solutions were impossible?
> >
> > You have thought that i386 solutions were possible, because you have
> > implemented them.
>
> Can you please stop spinning this?

How could you implement an i386 solution if you still think it is impossible?

> W^X was up and running on some of our architectures before we had
> heard of PAX.
>
> Months later, ways of doing W^X for i386 were discussed, but this was
> also before we had heard of PAX.
>
> Even later, W^X was starting to work on i386, but even this was before
> we had heard of PAX.
>
> W^X does not do what PAX does; rather, W^X attempts to solve many of
> the same problem AREAS, but using entirely DIFFERENT SOLUTIONS.

Ok, thank you for clarifying that. I didn't know that. All I've seen so far is
abusive language from you against the people who contacted you about this
matter.

> Holy cow, can you guys please stop crowing for me to revise history!

Can you please stop making generalisations?

> It is clear that W^X was developed without knowlege of PAX; it is clear
> that this is a case of two solutions to a similar problem space -- call it
> convergent evolution; it is clear that begging for credit is just making
> your efforts look more and more political and less and less techical.

PaX is not my effort.

> I urge the PAX authors to get their community's rabid foaming under control.

I can't speak for other people in the community you mention, but it seems to
me that the one who is foaming right now is you.

> Like, our idea that mprotect should
> still permit a user to request a page that is PROT_EXEC|PROT_WRITE; by default
> the PAX people prefer to deny such requests.

Right, PROT_EXEC|PROT_WRITE is W|X and not W^X. Denying it is what you could
call secure by default.

> We informally (in mail to lists, etc) presented W^X to say we have
> shipped a system that does this and this and that, to improve
> resistance against exploitation of bugs, in concert with ProPolice.
> If you look at the PAX web and other much more formal documentation,
> you will find that they do not mention W^X.

If you look at the PaX web site, you will notice that it mentions other Linux
patches that do memory protection. The Adamantix web site links to the OpenBSD
web site and to systrace.

> Your continued insistance that we knew of PAX is making you look ridiculous.

My continued insistance? I've written only two messages about the subject, this
one being the second.

> I will not revise history to make your ego feel less bruised.

There is a saying which goes like: It takes one to know one.

> > The Adamantix Project
> > Taking trustworthy software out of the labs, and into the real world
> > http://www.adamantix.org/
>
> Competing against OpenBSD security efforts, but starting out 6 years later...

Thank you for thinking of Adamantix as competition. I think competition is
good and having a choice is also good.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
http://www.adamantix.org/