lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050729192120.Y75285@ubzr.zsa.bet> Date: Sat Jul 30 01:26:06 2005 From: measl at mfn.org (J.A. Terranson) Subject: Cisco IOS Shellcode Presentation On Fri, 29 Jul 2005, Frank Knobbe wrote: > On Fri, 2005-07-29 at 18:57 -0500, J.A. Terranson wrote: > > They fucked up. They'll have to fix it then. But thats not the same > as > > the gross negligence they're being accused of. > > I'm not sure that can fix that. Unless they add canaries to the stack > and include other OpenBSD style W^X type checks. Those are one option (one I don't like BTW). Actually, I was alluding to the Harvard Architecture. But however they choose to do it, they'll either have to fix it or suffer the financial consequences. What they *can't* do is put the genie back into the bottle - that particular genie is getting gray hairs now! Also, that Cisco must fix was not the point of my argument. I was trying to point out that Jaosn's basic premise that this was a grossly negligent act by Cisco is pure fiction. -- Yours, J.A. Terranson sysadmin@....org 0xBD4A95BF "A stock broker is someone who handles your money until its all gone." Diana Hubbard (of Scientology fame)
Powered by blists - more mailing lists