On Thu, Aug 14, 2008 at 11:48:49AM +1000, Sunnz wrote:
> Hi,
>
> I am just curious, have Vista implemented something similar to
> Stack-Smashing Protector as in OpenBSD's GCC?
>
> http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html
>
> I don't really know that much, so I am just asking here... if those
> things can be bypassed, would a same type of attack be threatening to
> OpenBSD systems?
Yes, stack protection can be circumvented in particular cases. But in
general it is pretty good at catching the accidental overwrite and
thus preventing the potential following attack.
ProPolice, like some many techniques does not provide 100% safety. If
that was the case, why would we bother doing all we do? We could have
stopped after finishing ProPolice and have some rest.
-Otto
