[cgl_discussion] Buffer overflow

Makan Pourzandi (LMC) Makan.Pourzandi at ericsson.ca
Tue Apr 22 10:36:24 PDT 2003


Hi Stefano, 

I agree that it can be useful. However, I propose not to add the openwall kernel patch. My understanding was that the kernel patches are not admitted to the requirements, but there is a LSM module, openwall that we can add to the requirements. what do you think about this? 

Regards, 
makan 


> -----Original Message-----
> From: Stefano.Campadello at nokia.com 
> [mailto:Stefano.Campadello at nokia.com]
> Sent: Tuesday, April 22, 2003 8:09 AM
> To: Makan.Pourzandi at ericsson.ca; 
> mikukkon at miku-t21-linox.koti.nokia.com;
> cgl_discussion at osdl.org
> Subject: RE: [cgl_discussion] Buffer overflow
> 
> 
> So, what is your opinion? Should we add a requirement for 3.0 or
> it is still premature now?
> 
> Stefano
> 
> > -----Original Message-----
> > From: ext Makan Pourzandi (LMC) [mailto:Makan.Pourzandi at ericsson.ca]
> > Sent: 17 April, 2003 01:37
> > To: 'Mika Kukkonen'; cgl_discussion at osdl.org
> > Subject: RE: [cgl_discussion] Buffer overflow
> > 
> > 
> > Hi, 
> > 
> > My first reaction is to wait and see. Even if open bsd has a 
> > very good reputation (I mean regarding security), we have to 
> > wait for 1st May. 
> > 
> > Second, open bsd has always been more on advance at security 
> > than linux. In best case, it will take some time before those 
> > modification get into linux kernel. hopefully, this will not 
> > generate too many flames ;-) 
> > 
> > last but not least, there are already linux kernel patches 
> > regarding buffer overflows, one of the ones I know of is 
> http://www.openwall.com/linux/README,  which implements 
> Non-executable user stack area.  open wall is also 
> implemented as a lsm module but at my knowledge not all 
> functionality available by openwall is provided by the lsm module. 
> 
> regards, 
> makan 
> 
> 
> > -----Original Message-----
> > From: Mika Kukkonen [mailto:mikukkon at miku-t21-linox.koti.nokia.com]
> > Sent: Wednesday, April 16, 2003 10:58 AM
> > To: cgl_discussion at osdl.org
> > Subject: [cgl_discussion] Buffer overflow
> > 
> > 
> > An Anonymous Coward suggested to me that CGL should also 
> > include something like this:
> > http://news.com.com/2100-1002-996584.html
> > 
> > Now looking at the pace RedHat sends me up2date packages
> > that fix buffer overflows, I tend to agree, but I do think
> > this is one of those features that are _very_ hard to get
> > accepted by Linus.
> > 
> > Any opinions?
> > 
> > --MiKu
> > 
> > _______________________________________________
> > cgl_discussion mailing list
> > cgl_discussion at lists.osdl.org
> > http://lists.osdl.org/mailman/listinfo/cgl_discussion
> > 
> _______________________________________________
> cgl_discussion mailing list
> cgl_discussion at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/cgl_discussion
> 



More information about the cgl_discussion mailing list