[cgl_discussion] Buffer overflow

Fleischer, Julie N julie.n.fleischer at intel.com
Wed Apr 16 08:36:16 PDT 2003


> An Anonymous Coward suggested to me that CGL should also 
> include something like this:
> http://news.com.com/2100-1002-996584.html

In my opinion (which is fairly new to security), I could see this as a
security level 3 requirement.  Seems like it wouldn't be necessary for a
minimal or normal level of security, but if someone wanted a paranoid
(highest) level of security, it would be quite useful.

I also think that what Adriano Galano pointed out is good to note:  LSM with
a good module that implements access controls can really mitigate the
effects of a buffer overflow.  Then, even if a buffer overflow happens, the
attacker still won't have access to too much in the system.  So, with LSM
being a priority 1 requirement for CGL, it seems that something like this
could more safely be a priority 2 or 3 requirement.

- Julie

**These views are not necessarily those of my employer.**


