Full Disclosure mailing list archives

Re: Re: yet another OpenBSD kernel hole ...

From: Peter Busser <peter () adamantix org>
Date: Tue, 18 Nov 2003 21:33:13 +0100

Hi!

noir> so i hope, some of you openbsd loving losers will finally get the truth
noir> behind your cult. it is a big LIE, aloha ????
Being not a diehard obsd fan, I must notice that 3.4 kernel is built with 
stack smashing protection, which reduces this hole to pure local DoS only.


_IF_ the stack smashing protection works it will reduce this bug into a pure
local DoS yes. I have seen no proof so far that the SSP stack smashing
protection is 100% effective against all types of overflows.

Can 
you name any other OS which has any prevention against kernel buffer overflow ?


The Adamantix kernels are compiled with SSP (aka propolice), which is the same
thing used to compile the OpenBSD kernel. It protects against some, but not
all, overflows.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world
http://www.adamantix.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

yet another OpenBSD kernel hole ... noir (Nov 17)
- Re: yet another OpenBSD kernel hole ... i.t Consulting (Nov 22)
- <Possible follow-ups>
- Re: yet another OpenBSD kernel hole ... Alexander E. Cuttergo (Nov 18)
  - Re: Re: yet another OpenBSD kernel hole ... Peter Busser (Nov 18)
  - Re: Re: yet another OpenBSD kernel hole ... noir (Nov 18)
    - Re: yet another OpenBSD kernel hole ... Alexander E. Cuttergo (Nov 18)
    - Re: Re: yet another OpenBSD kernel hole ... noir (Nov 18)