[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200402232033.i1NKXEh18984@netsys.com>
From: hybriz at rego-security.com (hybriz)
Subject: Coming soon: CPU fix for buffer overflows
first of all, despite of what that news website says, that is old news.
second, it's just a page execution bit implementation like other archs have,
it doesnt mean that buffer overflows can will be avoided, it just means
non-exec stack can be subject of a page-wise implementation (not that it hasnt
been done on IA-32, has the PAX hack shows, though with HUGE performance kill).
third, return-into-libc and heap overflows still exist.
forth, win2k source code leak had nothing to do with buffer overflows in
m$ software.
fifth, critical windows source code wasnt leaked, have u seen the tarball?
it only has IE/MSHTML crap and pointless API code, other leaks have proven
much more interesting.
fifth, thank you for that buffer definition, surely most of this list's
subscribers didnt know what a buffer was.
sixth, I love your contributions to this list, they're always so funny that
I just had to say something this time.
regards,
hybriz
--
Powered by blists - more mailing lists