[cgl_discussion] Buffer overflow

Makan Pourzandi (LMC) Makan.Pourzandi at ericsson.ca
Wed Apr 16 15:37:01 PDT 2003


My first reaction is to wait and see. Even if open bsd has a very good reputation (I mean regarding security), we have to wait for 1st May. 

Second, open bsd has always been more on advance at security than linux. In best case, it will take some time before those modification get into linux kernel. hopefully, this will not generate too many flames ;-) 

last but not least, there are already linux kernel patches regarding buffer overflows, one of the ones I know of is http://www.openwall.com/linux/README,  which implements Non-executable user stack area.  open wall is also implemented as a lsm module but at my knowledge not all functionality available by openwall is provided by the lsm module. 


> -----Original Message-----
> From: Mika Kukkonen [mailto:mikukkon at miku-t21-linox.koti.nokia.com]
> Sent: Wednesday, April 16, 2003 10:58 AM
> To: cgl_discussion at osdl.org
> Subject: [cgl_discussion] Buffer overflow
> An Anonymous Coward suggested to me that CGL should also 
> include something like this:
> http://news.com.com/2100-1002-996584.html
> Now looking at the pace RedHat sends me up2date packages
> that fix buffer overflows, I tend to agree, but I do think
> this is one of those features that are _very_ hard to get
> accepted by Linus.
> Any opinions?
> --MiKu
> _______________________________________________
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/cgl_discussion

More information about the cgl_discussion mailing list