> 
> Lucent's Bell Labs releases free Linux software that foils the most common
> computer security attack
> FOR RELEASE THURSDAY APRIL 20, 2000
> 
> MURRAY HILL, N.J. -- Lucent Technologies' (NYSE: LU) Bell Labs announced
> ...

Don't hold your breath; contrary to kernel-based solutions (mainly
Solar's Linux Kernel Patch from Openwall Project -
http://www.openwall.com/linux/ ), this one deals only with some
specific functions (e.g. strcpy) so it is not a general solution
against buffer-overflows.

Before you argue, let me say that by writing "general" I didn't mean
that the kernel-based solutions *solve* the problem; you still can
garbage the stack, but you can't execute it, so in the worst case,
the victim process will fail, but no *real* damage will be caused to
the system. What I meant was that it doesn't protect only specific
functions, but ANY function.

Linus and Alan Cox claim that preventing the stack from being
executed is not a real solution but only a workaround, so they don't
agree to insert it into the standard kernel. This is also why most of
the distributions (I think except for Mandrake in its highest
security level and Definite-Linux, as well as some security-focused
distros) don't include the kernel-based solutions, but plan to
include Lucent's solution.

-- 
Eli Marmor
