Message-ID: <200402232033.i1NKXEh18984@netsys.com>
From: hybriz at rego-security.com (hybriz)
Subject: Coming soon: CPU fix for buffer overflows

first of all, despite what that news website says, that is old news.
second, it's just a page execution bit implementation like other archs have,
it doesn't mean that buffer overflows can be avoided, it just means
non-exec stack can be subject of a page-wise implementation (not that it hasn't
been done on IA-32, as the PAX hack shows, though with HUGE performance kill).
third, return-into-libc and heap overflows still exist.
fourth, win2k source code leak had nothing to do with buffer overflows in
m$ software.
fifth, critical windows source code wasn't leaked, have u seen the tarball?
it only has IE/MSHTML crap and pointless API code, other leaks have proven
much more interesting.
fifth, thank you for that buffer definition, surely most of this list's
subscribers didn't know what a buffer was.
sixth, I love your contributions to this list, they're always so funny that
I just had to say something this time.

regards,
hybriz
