Dustin Puryear wrote: > I don't think we can or should narrow this down to the x86. > Solaris/SPARC hasn't been exactly free of exploits, including buffer > overflows, either. Let's say "Until recently, most CPU's haven't > protected against buffer overflows".
I don't understand why, either, in the SPARC/Solaris case, Sun doesn't put the following by default in /etc/system set noexec_user_stack_log=1 set noexec_user_stack=1 This has been around since Solaris 2.6. http://docs.sun.com/app/docs/doc/806-7009/6jftnqskr?a=view#appendixa-21 "Introduced in the Solaris 2.6 release to allow the stack to be marked as non-executable. This helps make buffer-overflow attacks more difficult. In the Solaris 2.6 release, the value does not affect threaded applications. All 64-bit Solaris applications effectively make all stacks non-executable irrespective of the setting of this variable." > > ----- Original Message ----- From: "Andrew Baudouin" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Friday, January 28, 2005 11:07 AM > Subject: Re: [brlug-general] Re: limitations of x86 = Windows insecurity? > > >> Let me add to this that if it weren't for the insecurity of x86 >> architecture, Windows/OpenBSD wouldn't have to spend time developing >> fixes and security schemes for buffer overflows and stack smashing >> attacks. The NX flag (on AMD64 archs) tries to alleviate this >> problem, but i believe there are ways around this. >> >> >> On Fri, 28 Jan 2005 11:05:26 -0600, Andrew Baudouin >> <[EMAIL PROTECTED]> wrote: >> >>> The fundamental difference between OpenBSD and the rest of the world >>> is that they spend the bulk of their time auditing code for security >>> holes rather than implementing new features and making available the >>> latest/greatest software packages. This is why SMP wasn't implemented >>> until 2004. I do not know the history of Debian Linux and their >>> security policies, but I do know that their "stable" distribution is >>> many versions behind the latest and greatest on just about every >>> software package. >>> >>> Outlook has never required root ("Administrator") to work. NTFS is >>> based from the ground up on permissions. Windows NT 4.0 and above >>> tracked processes by PID and allowed the ability to re-"nice", etc. >>> >>> I have already said this numerous times, but the reason that Microsoft >>> is insecure as it is is because of the previous attitudes within the >>> corporation of "provide the most features, the most user-friendliness, >>> and do it as fast as possible, we'll fix bugs later." >>> >>> >>> On Fri, 28 Jan 2005 04:49:16 -0600, Will Hill <[EMAIL PROTECTED]> >>> wrote: >>> > Is it the hardware or the way it's used? What fundamental >>> differences > are >>> > there between the Microsoft way and OpenBSD or Debian? Has Microsoft >>> > implemented basic precautions such as PIDs tracked by the kernel, > >>> users, and >>> > root accounts? The last time I checked, processes could still >>> hide, > Outlook >>> > and other processes had to run as root to work and file permissions >>> > were >>> > based on some kind of table system rather than inherent in the file >>> > system. >>> > It's possible Microsoft has leapt over these old problems, but I >>> doubt > they >>> > can ever do as well as they should and still give Holywood DRM. >>> > >>> > On Wednesday 26 January 2005 10:21 pm, Andrew Baudouin wrote: >>> > > They have made leaps and strides when it comes to security recently. >>> > > ... if the x86 architecture were not as insecure as it is, >>> Windows > > wouldn't >>> > > look half as bad, but the blame can certainly be evenly placed on >>> > > both >>> > > sides of the equation. >>> > >>> > _______________________________________________ >>> > General mailing list >>> > [email protected] >>> > http://brlug.net/mailman/listinfo/general_brlug.net >>> > >>> >> >> _______________________________________________ >> General mailing list >> [email protected] >> http://brlug.net/mailman/listinfo/general_brlug.net >> >> > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > -- Scott Harney <[EMAIL PROTECTED]> "Asking the wrong questions is the leading cause of wrong answers" gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
