I was thinking --- it wouldn't be too hard to make buffer overflow attacks impossible. The basic idea is to do away with binary compatibility. In particular, I was thinking that part of building a kernel would involve assigning a random number to each syscall, and creating a syscall.h file with these random numbers. A binary would only run if it was compiled with the proper syscall.h, so all binaries would have to be recompiled for the new kernel, but then, syscall.h could be removed, and the system would be impervious to buffer overflow attacks. (One step further would involve random magic numbers in every function call.) I would be happy to give up binary compatibility for the added security it would add. Comments? -Joel Hoffman (joelat_private)
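The mechanism the post proposes, modelled in Python as an added example (it is not code from the original message, and the `Kernel`, `generate_syscall_table` and `compile_program` names, the five-entry syscall list and the in-process "binary" are all constructed stand-ins for a real build). It shows the three steps the post describes: a build step assigns random numbers to syscalls, programs are compiled against that table, and the kernel keeps only the number-to-handler map, so a binary built against a different table fails at its first syscall. The rejected-call counter is the part a defender would keep: unknown syscall numbers arriving at the dispatcher are an observable signal in this scheme.

```python
"""Toy model of per-build syscall-number randomization (added example).

Everything here is an in-process simulation with hypothetical names;
nothing touches a real kernel or a real syscall table.
"""
import secrets

# Constructed subset of syscall names; a real table would be much larger.
SYSCALL_NAMES = ("read", "write", "open", "close", "exit")
NUMBER_SPACE = 2 ** 32  # syscall numbers drawn from a 32-bit space


def generate_syscall_table(names=SYSCALL_NAMES):
    """Build-time step: assign each syscall a distinct random number.

    This dict plays the role of the generated syscall.h.
    """
    table = {}
    used = set()
    for name in names:
        number = secrets.randbelow(NUMBER_SPACE)
        while number in used:  # avoid collisions within one build
            number = secrets.randbelow(NUMBER_SPACE)
        used.add(number)
        table[name] = number
    return table


class Kernel:
    """The built kernel keeps only number -> handler; the name -> number
    header is discarded after the build, as the post suggests."""

    def __init__(self, table):
        self._dispatch = {number: name for name, number in table.items()}
        self.rejected = 0  # count of calls with an unknown number (detection hook)

    def syscall(self, number):
        handler = self._dispatch.get(number)
        if handler is None:
            self.rejected += 1
            raise OSError("ENOSYS: unknown syscall number")
        return handler  # the toy handler just reports which syscall ran


def compile_program(source_calls, header):
    """Compile step: resolve syscall names to the numbers in this build's header."""
    return [header[name] for name in source_calls]


def run(kernel, binary):
    """Execute a compiled program's syscalls against a kernel."""
    return [kernel.syscall(number) for number in binary]


def demo():
    """Build kernel v1, run a program against it, then rebuild and retry."""
    header_v1 = generate_syscall_table()
    kernel_v1 = Kernel(header_v1)
    program = ("open", "read", "write", "close", "exit")
    binary_v1 = compile_program(program, header_v1)
    assert run(kernel_v1, binary_v1) == list(program)

    # Rebuild: a fresh random table, as happens on every kernel build.
    # The old binary no longer dispatches; it fails on its first syscall.
    kernel_v2 = Kernel(generate_syscall_table())
    try:
        run(kernel_v2, binary_v1)
        stale_binary_rejected = False
    except OSError:
        stale_binary_rejected = True
    return stale_binary_rejected, kernel_v2.rejected


if __name__ == "__main__":
    print(demo())  # (True, 1) except with probability about 5 / 2**32
```

The collision odds in `demo()` are the scheme's whole argument: a number from the old table matches the new one only by chance, and the dispatcher's `rejected` counter is where such mismatches surface.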
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:00 PDT