lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 23 Jan 2007 15:41:27 +0000
From:	Alan <alan@...rguk.ukuu.org.uk>
To:	Samium Gromoff <_deepfire@...lingofgreen.ru>
Cc:	Pavel Machek <pavel@....cz>,
	Samium Gromoff <_deepfire@...lingofgreen.ru>,
	Valdis.Kletnieks@...edu, David Wagner <daw@...berkeley.edu>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Undo some of the pseudo-security madness

> SBCL is the most actively developed open source Common Lisp implementation,
> which has an optimising native compiler built in, so it is not an interpreter,
> and is, most certainly, not crappy.

If it requires MAP_FIXED I would beg to disagree.

> 1. cannot serve as a vehicle for exploitation for binaries unmarked
> with this flag
> 2. serve the application deployment cause -- abolish the need for
> application-specific system tweaks
> 3. remove the need for the ugly self-reexecution tweak people
> needing an absolutely unadulterated memory map have to resort to /now/,
> even in a non-setuid case 

Seems sensible to me. If you specifically need that mapping behaviour and
ask for it then it wouldn't be hard to provide.

> Please, shrug off that C-esque center-of-the-world attitude,
> the fact there are thousand times as many C programmers does not

Randomisation has nothing to do with C. In fact from a C perspective the
compiler and linker do a lot of work to deal with ELF and loading code at
arbitary addresses for dynamic linking and the like, not the user and
not as language constructs. Perhaps the Lisp universe should wake up and
meet the 1980s 8)


Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ