, 2002-07-17
Why Microsoft's Palladium project threatens to send Linux and open-source into exile.
Expand all |
Post comment
The Devil And The Deep Blue Sea
2002-07-18
Anonymous (6 replies)
Anonymous (6 replies)
Take a chill pill
2002-07-18
Anonymous Bastard (3 replies)
Anonymous Bastard (3 replies)
take your own advice
2002-07-19
rsullivan@art-line.com (1 replies)
rsullivan@art-line.com (1 replies)
Re: take your own advice
2002-07-19
Anonymous Bastard (2 replies)
Anonymous Bastard (2 replies)
Re: take your own advice
2002-07-19
Anonymous (2 replies)
Anonymous (2 replies)
It is time for "security enhanced linux" to be put on the front burner NOW!
2002-07-29
100% of distros should be 100% SE Linux
100% of distros should be 100% SE Linux
Here's an example: The developer has only allocated 32 bytes for a buffer. The attacker manages to stuff 64 bytes into it. Those 64 bytes are copied into the storage space allocated for the buffer. The "extra" 32 bytes don't just disappear: they get placed in the memory that follows the buffer.
So whatever was assigned to use the memory area just after the buffer got stomped on. This might be storage for variables, machine code... whatever. What does this do? That depends on how clever the attacker is.
But the key here is that the program in *memory* is being messed with - after it's been verified as trustworthy. So the buffer overflow attack can't be stopped by Palladium.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/96/15724#15724