nanog mailing list archives
Re: DARPA and the network
From: Henning Brauer <hb-nanog () bsws de>
Date: Tue, 6 Sep 2005 12:40:41 +0200
* Florian Weimer <fw () deneb enyo de> [2005-09-06 11:44]:
> * Henning Brauer:
>
> > so if the BSDs are on par with preventive measures, why is OpenBSD (to my knowledge) the only one shipping ProPolice, which prevented basically any buffer overflow seen in the wild for some time now? Why is OpenBSD the only one to have randomized library loading, rendering basically all exploits with fixed offsets unusable? Why is OpenBSD the only one to have W^X, keeping memory pages writeable _or_ executable, but not both, unless an application fixes us to (by respective mprotect calls)?
>
> All these paper over the real problems and are not very helpful in a service provider environment, where availability might well be more important than integrity. Buffer overflows still lead to crashes.

oh, so turning a remote root into an application crash is something I value quite a bit. this is propolice and w^x, mostly. you skipped all the other stuff I listed that we do.

> Some of the countermeasures also break lots of legitimate applications (Lisp implementations, for example, or precompiled headers for GCC).

clisp is the only thing I am aware of that got broken. even emacs works, and those who know how emacs works can value that :)

> (Isn't this quite off-topic for NANOG?)

yes, it is. we can further discuss that in private if you wish; however, claiming OpenBSD is just more vocal about security is just far off reality, and that had to be put in perspective.

--
Henning Brauer, hb () bsws de, henning () openbsd org
BS Web Services, http://bsws.de
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...