[cgl_discussion] Re: Buffer overflow

Makan Pourzandi (LMC) Makan.Pourzandi at ericsson.ca
Mon Apr 28 14:55:48 PDT 2003


Hi Mika, 

My point was not to drop the feature (protection against buffer overflow) but rather concerns the fact that I didn't see any NEP expressing interest in the open wall project in particular and, as I mentioned, we already have several valid references regarding this feature. That's why I thought it is not necessary to add an extra reference about which some developers expressed concerns, and no one brought any extra information regarding those concerns or showed interest in defending the merits of the project. That means that as soon as any NEP or other member of OSDL expresses interest in this project, or someone comes up with valid arguments regarding the merits of the project, we'll add it to the document.

> on this. Btw, last time I checked, Ericsson was defined as a NEP: what is
> your opinion on the importance of this feature?
>

I believe that the feature (protection against buffer overflow) is important. To be honest, I don't know much about open wall, and the fact of including or excluding them from the references must not be interpreted as a judgement concerning the quality of their work.  

As the requirement specs group, our job is to give some references to show the feasibility. We do not go into evaluation of different open source projects; this is part of the PoC group's job (even if we want to do our best to give the CGL people and the PoC group the "best" possible references).

regards,
makan 
 

> -----Original Message-----
> From: Mika Kukkonen [mailto:mika at osdl.org]
> Sent: Monday, April 28, 2003 5:16 PM
> To: Makan Pourzandi (LMC)
> Cc: cgl_discussion at lists.osdl.org
> Subject: RE: [cgl_discussion] Re: Buffer overflow
> 
> 
> On Mon, 2003-04-28 at 14:02, Makan Pourzandi (LMC) wrote:
> (...)
> > > Some questions:
> > > - Were we also going to add a reference to Openwall -
> > > http://www.openwall.com/linux for non-executable user stack area?
> > 
> > from what Greg told us and what I read (which is far away to be a
> > complete lecture on the open wall), if I understood well, there are
> > not many chances that this patch will be accepted to the linux main
> > line and we have already several other valid references. therefore, I
> > suggest not adding this reference to the doc. Any comments on open
> > wall?
> 
> Well, I do not have an opinion about this project, but there are several
> features in CGL specs that point to projects that have little or no chance
> to get into main line kernel (like various kernel debuggers).
>
> But that does not mean that they do not address the needed functionality
> and so are and will be deployed by the distros who wish to sell their
> products in CGL business segment. And this is the reason why our mainline
> definition includes two or more distro adoptions.
>
> So resistance from kernel developers on a certain feature is a thing to be
> noted, yes, but not a reason to drop a feature. On the other hand, resistance
> from NEP's _is_ a reason to drop feature, so I think we need some NEP feedback
> on this. Btw, last time I checked, Ericsson was defined as a NEP: what is your
> opinion on the importance of this feature?
> 
> --MiKu
> 
> 


