DARPA and the network

Alexei Roudnev alex at relcom.net
Tue Sep 6 15:35:09 UTC 2005


This in reality protects from EVERYTHING! In theory - not, but in reality -
no exploits exist at all (except DDOS exploits, of course) for such
systems.



----- Original Message ----- 
From: "Florian Weimer" <fw at deneb.enyo.de>
To: <nanog at merit.edu>
Sent: Tuesday, September 06, 2005 2:43 AM
Subject: Re: DARPA and the network


>
> * Henning Brauer:
>
> > so if the BSDs are on par with preventive measures, why is OpenBSD (to
> > my knowledge) the only one shipping ProPolice, which prevented
> > basically any buffer overflow seen in the wild for some time now?
> > Why is OpenBSD the only one to have randomized library loading,
> > rendering basically all exploits with fixed offsets unusable?
> > Why is OpenBSD the only one to have W^X, keeping memory pages writeable
> > _or_ executable, but not both, unless an application fixes us to (by
> > respective mprotect calls)?
>
> All these pamper over the real problems and are not very helpful in a
> service provider environment, where availability might well be more
> important than integrity.  Buffer overflows still lead to crashes.
>
> Some of the countermeasures also break lots of legitimate applications
> (Lisp implementations, for example, or precompiled headers for GCC).
>
> (Isn't this quite off-topic for NANOG?)