lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <200308191814.h7JIElhd027124@cvs.openbsd.org>
Date: Tue, 19 Aug 2003 12:14:47 -0600
From: Theo de Raadt <deraadt@....openbsd.org>
To: cwidmer@...c.ethz.ch
Cc: bugtraq@...urityfocus.com, misc@....openbsd.org
Subject: Re: Buffer overflow prevention


> i don't care about other peoples war. but:
> 
> > W^X was invented because we saw the need for it.  We had no idea that
> > anyone else was working in the same area.
> 
> i think it is somewhat strange. there realy smart people start building 
> something before they do some research and look if someone else is 
> doing something similar?

PAX was not really published in anything that I read.  Compare it to
stackghost, a usenix security paper, which we have put some effort at
integrating.

Our tact was to support it first on cpu's that had a proper X bit in
their pte.  Ie, sparc64 and alpha and such.  Solving the problem on
x86 was not on our radar until, lemme think, perhaps while we were
eating curry during Usenix Monterey at that Irish pub....

As one of our developers said yesterday:

<miod> more exactly, we heard of pax when they started bitching

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ