Firewall Wizards mailing list archives
Fwd: Re: securing bind
From: Predrag Zivic <pzivic () yahoo com>
Date: Wed, 24 Nov 1999 08:29:04 -0800 (PST)
Another solution to preventing buffer overflows for all other OSs can be found at http://www.platinum.com/products/sysman/security/sec_feat.htm

Pez

--- Crispin Cowan <crispin () cse ogi edu> wrote:
Date: Tue, 23 Nov 1999 02:45:35 +0000
From: Crispin Cowan <crispin () cse ogi edu>
Organization: Oregon Graduate Institute
To: Ken Hardy <ken () bridge com>, Firewall Mailing List <firewall-wizards () nfr net>
Subject: Re: securing bind
Reply-to: Crispin Cowan <crispin () cse ogi edu>

Crispin Cowan wrote:

Ken Hardy wrote:

It's obvious that we'll never see the end of stack overrun attacks until overrunning the stack doesn't get you anywhere. IMHO something like StackGuard should be a standard option on...

Alternatively (and higher performance?) Solaris 2 has a kernel parameter that can be set to make the stack non-executable.

As does Linux. I've just finished writing a paper describing the comparative effectiveness of a variety of buffer overflow defenses. Notably, non-executable stack overlaps with StackGuard, but each has attacks that it uniquely defends against. Since they are compatible, both should be used for maximum coverage.

The paper will appear at the DARPA Information Survivability Expo (http://schafercorp-ballston.com/discex/ ) and an invited talk at SANS 2000 (http://www.sans.org/newlook/events/sans2000.htm ). I'll have the paper up on the publications page at http://immunix.org shortly.

Ok, I've posted my paper. It is available for download here: http://immunix.org/StackGuard/discex00.pdf

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org