On Fri, Jan 21, 2005 at 09:08:17AM +0800, Rogelio Serrano wrote: > Is there a way to have these kind of protection without hiding bugs. > Maybe the audit framework can help? "Hiding bugs" is _not_ what a non-executable stack or data segment does; if a program relies on executable stack or data segment for executing, the process will die a miserable death. And loudly, at that. If the program allows this behaviour accidently (say, bounds checking error such as the type that StackGuard can protect against) then the flaw will in fact be much _easier_ to spot with such a tool. (StackGuard has found a _lot_ of bugs in software that went unnoticed because the consequences weren't very dire, including a hilarious off-by-one array access in glibc's test suite.) No, in my experience, tools like stackguard, Solar's non-executable stack, and similar, do a great job _finding_ buggy code that would otherwise survive in the wild unnoticed for years...
This archive was generated by hypermail 2.1.3 : Thu Jan 20 2005 - 18:21:43 PST