Seth Arnold wrote:

>On Fri, Jan 21, 2005 at 09:08:17AM +0800, Rogelio Serrano wrote:
>
>>Is there a way to have this kind of protection without hiding bugs?
>>Maybe the audit framework can help?
>
>"Hiding bugs" is _not_ what a non-executable stack or data segment does;
>if a program relies on executable stack or data segment for executing,
>the process will die a miserable death. And loudly, at that.

But to be fair to Rogelio, defensive measures like StackGuard and NX do "hide" bugs in that the bug is not visible until run time conditions trigger the bug and thence the defense. So in effect, the attacker is the one who "discovers" the bug, and defenses like StackGuard and NX notify you that someone else has discovered vulnerable code running on your box.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
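Added example, not part of the original message and not Immunix or StackGuard code: a small log triage that treats the "loud death" described above as a detection signal. It assumes modern Linux message formats (the kernel's `segfault at ... error N` line and glibc's `*** stack smashing detected ***` text, with service stderr captured to the same log); the host, program names, PIDs and addresses are constructed.

```python
import re

# Constructed sample lines in the style of Linux kernel and glibc messages.
SAMPLE_LOG = """\
Jan 20 22:01:03 box kernel: imgd[4121]: segfault at 7ffd3a10e5c0 ip 00007ffd3a10e5c0 sp 00007ffd3a10e588 error 15
Jan 20 22:01:09 box imgd[4130]: *** stack smashing detected ***: terminated
Jan 20 22:02:44 box kernel: report[4177]: segfault at 0 ip 000055d0c1a2b13d sp 00007ffc9e1f0a10 error 4 in report[55d0c1a2b000+1000]
Jan 20 22:03:10 box sshd[4200]: Accepted publickey for admin from 192.0.2.10
"""

PROC = r"(?P<prog>[^\s\[]+)\[(?P<pid>\d+)\]: "
SEGV = re.compile(PROC + r"segfault at [0-9a-f]+ ip [0-9a-f]+ sp [0-9a-f]+ "
                         r"error (?P<err>[0-9a-f]+)")
CANARY = re.compile(PROC + r"\*\*\* stack smashing detected \*\*\*")

# x86 page-fault error-code bit 4: the faulting access was an instruction
# fetch, i.e. the CPU refused to execute from a non-executable page.
PF_INSTR = 0x10


def classify(line):
    """Return (program, pid, kind) for a defense-triggered death, else None."""
    m = CANARY.search(line)
    if m:
        return (m["prog"], int(m["pid"]), "stack-canary")
    m = SEGV.search(line)
    if m:
        err = int(m["err"], 16)  # the kernel prints the error code in hex
        kind = "nx-violation" if err & PF_INSTR else "crash"
        return (m["prog"], int(m["pid"]), kind)
    return None


def triage(log):
    """Classify every line of a log and keep only the hits."""
    return [hit for hit in map(classify, log.splitlines()) if hit]


if __name__ == "__main__":
    for prog, pid, kind in triage(SAMPLE_LOG):
        print(f"{kind:13} {prog} (pid {pid})")
```

A `stack-canary` or `nx-violation` hit means the defense fired at run time, so the binary named in the line is the one to audit and patch; a plain `crash` is an ordinary fault and is reported separately.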
This archive was generated by hypermail 2.1.3 : Thu Jan 20 2005 - 22:02:57 PST