SecurityFocus

Re: Buffer overflow prevention Aug 14 2003 05:26PM
Mariusz Woloszyn (emsi ipartners pl) (6 replies)

Re: Buffer overflow prevention Aug 14 2003 11:27PM
Shaun Clowes (shaun securereality com au) (1 replies)

Re: Buffer overflow prevention Aug 15 2003 06:48PM
Crispin Cowan (crispin immunix com) (1 replies)

Re: Buffer overflow prevention Aug 17 2003 11:09PM
Shaun Clowes (shaun securereality com au) (1 replies)

Re: Buffer overflow prevention Aug 17 2003 10:42PM
Crispin Cowan (crispin immunix com) (2 replies)

Heterogeneity as a form of obscurity, and its usefulness Aug 21 2003 02:00AM
Bob Rogers (rogers-bt2 rgrjr dyndns org) (1 replies)

Re: Heterogeneity as a form of obscurity, and its usefulness Aug 22 2003 03:56AM
Crispin Cowan (crispin immunix com) (1 replies)

Re: Heterogeneity as a form of obscurity, and its usefulness Aug 22 2003 06:21PM
Nicholas Weaver (nweaver CS berkeley edu)

Re: Buffer overflow prevention Aug 18 2003 06:07PM
Mark Handley (M Handley cs ucl ac uk) (1 replies)

Re: Buffer overflow prevention Aug 18 2003 08:11PM
Crispin Cowan (crispin immunix com)

Re: Buffer overflow prevention Aug 14 2003 07:37PM
Theo de Raadt (deraadt cvs openbsd org) (3 replies)

Re: Buffer overflow prevention Aug 16 2003 01:14PM
sauron (unixlabs noos fr)

Re: Buffer overflow prevention Aug 14 2003 09:14PM
Gerhard Strangar (gerhard brue net) (1 replies)

Re: Buffer overflow prevention Aug 14 2003 09:43PM
Theo de Raadt (deraadt cvs openbsd org) (1 replies)

Re: Buffer overflow prevention Aug 14 2003 10:19PM
Gerhard Strangar (gerhard brue net)

Re: Buffer overflow prevention Aug 14 2003 08:09PM
Matt D. Harris (vesper depraved org)

Theo de Raadt wrote:
> I believe the best protection (at this time) is to combine ProPolice with
> a W^X technology.

Solaris 2.6 and above also support a kernel variable which can be set
via /etc/system called "noexec_user_stack", which can make the stack for
userland processes non-executable by default. Note that this behavior
is the default for 64-bit binaries in Solaris 7, 8, and 9, and this
kernel variable forces the behavior for 32-bit binaries. I run all
sorts of odd software and have never had an issue with having this
always turned on for all of my systems.

[ reply ]

Re: Buffer overflow prevention Aug 14 2003 07:17PM
Timo Sirainen (tss iki fi) (1 replies)

Re: Buffer overflow prevention Aug 14 2003 08:15PM
Jedi/Sector One (j pureftpd org) (1 replies)

Re: Buffer overflow prevention Aug 15 2003 09:54AM
Peter Busser (peter trusteddebian org)

Re: Buffer overflow prevention Aug 14 2003 06:47PM
Jedi/Sector One (j pureftpd org) (2 replies)

Re: Buffer overflow prevention Aug 15 2003 09:41AM
Peter Busser (peter trusteddebian org) (2 replies)

Re: Buffer overflow prevention Aug 16 2003 01:36AM
Mark Tinberg (mtinberg securepipe com) (2 replies)

Re: Buffer overflow prevention Aug 18 2003 08:43PM
Crispin Cowan (crispin immunix com)

Re: Buffer overflow prevention Aug 18 2003 08:41PM
Peter Busser (peter trusteddebian org)

Re: Buffer overflow prevention Aug 15 2003 05:55PM
stealth (stealth segfault net)

Re: Buffer overflow prevention Aug 14 2003 08:24PM
Miod Vallat (miod online fr)

Re: Buffer overflow prevention Aug 14 2003 06:27PM
Thomas Sjögren (thomas northernsecurity net)

Re: [Full-Disclosure] Re: Buffer overflow prevention Aug 14 2003 04:51PM
KF (dotslash snosoft com)