[55456] in North American Network Operators' Group
Re: Bell Labs or Microsoft security?
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Wed Jan 29 13:04:24 2003
Date: Wed, 29 Jan 2003 18:00:30 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: nanog@merit.edu
In-Reply-To: <20030129173622.GL78231@overlord.e-gerbil.net>
Errors-To: owner-nanog-outgoing@merit.edu
RAS> Date: Wed, 29 Jan 2003 12:36:22 -0500
RAS> From: Richard A Steenbergen
RAS> Note I'm making a distinction between fixing the string
RAS> libraries to handle overflow situations better, and changing
RAS> the entire OS to do array bounds checking. One is good, the
RAS> other is not.
Okay. I'll buy that.
On a somewhat similar note, it's too bad x86 lacks native support
for diasbling PROT_EXEC. That wouldn't solve everything, but it
would help. (I recall a paper on some funky asm-foo to implement
it, but only skimmed it...)
The real definition of layered security: We needn't worry about
that here, because another layer will take care of it.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.
