Good Day!
On Wed, Apr 02, 2003 at 03:25:32PM -0800, Rick Moen wrote:
<SNIP>
> would be a compelling argument in their favour. In my experience, the
> key ingredient required to protect a system from attack is for the
> sysadmin to be minutely familiar with how it works, and familiar with
> the software that runs on it. You want to use what people know.
Amen to that.
<SNIP>
> There are also hardware considerations. It might be worth considering
> using one of the CPU architectures with fewer buffer-overflow problems
> (PowerPC, SPARC, Alpha), and you might be able to operate with most of
Also architectures like sparc, sparc64, alpha, hppa and the
upcoming AMD Hammer support W^X [0], which ensures that memory that can
be written by programs cannot be executable at the same time and
vice-versa. At the moment only OpenBSD supports this. This makes
buffer overflows a trifle hard to exploit.
<SNIP>
The soon-to-be-released OpenBSD 3.3 [1] (and -current snapshots)
has ProPolice [2][3] enabled by default; this lessens the risk of privilege
escalation through buffer overflows. ProPolice-enabled sendmail is safe
from the recently released exploit/bug on it [4].
> Rick Moen -- Huw Davies
> [EMAIL PROTECTED]
Mabuhay! barryg
[0] http://marc.theaimsgroup.com/?l=openbsd-misc&m=103846573502212
[1] http://www.openbsd.org/33.html
[2] http://www.trl.ibm.com/projects/security/ssp/
[3] http://marc.theaimsgroup.com/?l=openbsd-misc&m=104425125001567
[4] http://auscert.org.au/render.html?it=2919&id=1
--
Barry Dexter A. Gonzaga, bofh
[EMAIL PROTECTED]
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
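
An added example, not part of the original message: a small C audit that flags memory mappings which are writable and executable at the same time, the condition the W^X policy mentioned in the message forbids. It assumes the Linux `/proc/<pid>/maps` text format; the function name `count_wx_mappings` and the sample data are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format (not taken from a real host). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /bin/demo\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 131 /bin/demo\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0 \n"
    "7ffd3c000000-7ffd3c021000 rwxp 00000000 00:00 0 [stack]\n"
    "7ffd3c1fe000-7ffd3c200000 r-xp 00000000 00:00 0 [vdso]\n";

/* Count mappings that are writable AND executable at the same time.
 * If first is non-NULL, the address range of the first hit is copied into it. */
int count_wx_mappings(const char *maps, char *first, size_t first_len)
{
    int hits = 0;

    while (*maps) {
        size_t len = strcspn(maps, "\n");   /* length of the current record */
        char buf[256], range[64], perms[8];

        /* Work on a private copy so sscanf cannot run into the next line. */
        snprintf(buf, sizeof buf, "%.*s", (int)len, maps);

        /* Field 1 is "start-end", field 2 is the permission string ("rw-p"). */
        if (sscanf(buf, "%63s %7s", range, perms) == 2 &&
            strlen(perms) >= 3 && perms[1] == 'w' && perms[2] == 'x') {
            if (hits == 0 && first && first_len > 0)
                snprintf(first, first_len, "%s", range);
            hits++;
        }
        maps += len;
        if (*maps == '\n')
            maps++;                         /* step to the next record */
    }
    return hits;
}

int main(void)
{
    char first[64] = "";
    int n = count_wx_mappings(SAMPLE_MAPS, first, sizeof first);

    printf("%d mapping(s) violate W^X; first: %s\n", n, first);
    return n ? 1 : 0;                       /* non-zero exit when a violation exists */
}
```

To audit a live process, read the contents of its maps file into a buffer and pass that buffer to the function in place of the sample.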