Message-ID: <4427DAF8.4090207@netsyncro.com>
Date: Mon Mar 27 14:16:55 2006
From: cbergstrom at netsyncro.com (Christopher Bergström)
Subject: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

Pilon Mntry wrote:

> [snip]
>
>> What about using the facilities already provided by the OS to enforce the
>> sandbox?
>
> But then will it be possible to prevent buffer
> overflows, still running on unmanaged code?

There are PaX patches for the Linux kernel, *BSD has their own flavour (the 
name slips my memory) and I believe since service pack 2 XP had some 
form of SSP. (Which I've only heard about and not seen nor used.)

If you have managed code concerns, the Mono [1] project is certainly a 
work in progress, but over the next year I'd like to help overcome any 
obvious oversights in security.  Novell has some bright developers 
dedicated to security alone and that might be something to look at.  Ask 
or give suggestions on the Mono users-list as it's always appreciated.

Cheers,

C.

[1] www.mono-project.com
