On Mon, 2001-09-17 at 20:01, Brian J. Murrell wrote:
> On Mon, Sep 17, 2001 at 06:18:51PM +0200, Yoann Vandoorselaere wrote:
> >
> > - Because of the 10% performance tradeoff ?
>
> Is it really that high? It has been a while since I read the
> whitepaper but I thought it was lower than that. In any case, how
> about the 100% performance tradeoff of having your box hacked and
> taken down?
Don't take me wrong. I'm on your side. I even contributed to libsafe
development. The point is that ton of user won't accept this argument
(even If it is true).
> > - Because we may experience false positive (thought I never seen one).
>
> Again, it's been a while since I looked at the whitepaper but I cannot
> imagine a "false positive" buffer over-run.
>
> > Yes, that would do it.
>
> Indeed.
>
> > Would you volunteer for sending a proposal to the GLIBC people ?
>
> I'm afraid my hacking skills are not quite at that level that is
> needed to hack buffer/stack over-run checks into glibc. I would if I
> could. Anyway, my time is consumed testing Mandrake Linux and hacking
> it. :-)
Ok, I'll try to do it.
--
Yoann Vandoorselaere
http://prelude.sourceforge.net
