2002-07-17
Why Microsoft's Palladium project threatens to send Linux and open-source into exile.
The Devil And The Deep Blue Sea
2002-07-18
Anonymous (6 replies)
Take a chill pill
2002-07-18
Anonymous Bastard (3 replies)
take your own advice
2002-07-19
rsullivan@art-line.com (1 replies)
Re: take your own advice
2002-07-19
Anonymous Bastard (2 replies)
Re: take your own advice
2002-07-19
Anonymous (2 replies)
It is time for "security enhanced linux" to be put on the front burner NOW!
2002-07-29
100% of distros should be 100% SE Linux

Instead they propose some platform that won't fix anything.
What happens if you DO have a buffer overflow in a signed module? It will probably run at the privilege level of the signature if you don't fix the fundamental problem with the exploit (it normally only verifies the signature once on loading). It might reverify, but unless there is a way of ensuring the PC is within a range, or that you have something like separate code and data stacks, or any of a dozen other things that will solve the problem without requiring any signature, the signature will simply mean that the program is signed.
Drivers are now signed, but is there really any way to ensure there is no backdoor? What about a DMA device - you could use a driver to tell it to overwrite a page or two as part of the normal programming. It would be signed, but so what? Does/Will Microsoft audit all the code it signs, or merely ensure there is an entity to blame?
Link to this comment: http://www.securityfocus.com/comments/columns/96/15738#15738