| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308152226.h7FMQdhd028205@cvs.openbsd.org> Date: Fri, 15 Aug 2003 16:26:39 -0600 From: Theo de Raadt <deraadt@....openbsd.org> To: noir <noir@....linux.org.tr> Cc: bugtraq@...urityfocus.com Subject: Re: Buffer overflow prevention > pros and cons of the two ? > i think the comparison should be like "how much more does wOpenBSD lacks > compared to PAX ?" > > he might try to mean whatever but there is one thing obvious which is best > known as "rip-off" > > i think you should read this instead: > http://archives.neohapsis.com/archives/openbsd/2003-04/1681.html > > - noir > > w as in http://stargliders.org/phrack/mmhs.jpg I have made it clear many times that W^X inside OpenBSD came into being without me even being aware of PAX. I may have stumbled past HAL2001 on my way from IETF in London to Usenix Security in DC, but I never went to any of the talks there, and I do not recall ever talking to anyone about anything in any way like W^X. I spent most of the time talking with European OpenBSD developers and Solar Designer, and do not recall any topics about protecting the address space ever coming up. Almost a year later, we started working on W^X. We started on non-i386 machines like the sparc and alpha because at the time we could not think of a way of doing i386 W^X. If we had been aware of PAX as you claim, why would we have thought that i386 solutions were impossible? There is only one thing I have found the various PAX people to have in common; they are very persistant at calling other people liars. Can you people please grow up?
Powered by blists - more mailing lists