[82992] in North American Network Operators' Group
Re: IOS new architechture will be more vulnerable?
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Aug 3 09:33:58 2005
To: Aaron Glenn <aaron.glenn@gmail.com>
Cc: Saku Ytti <saku+nanog@ytti.fi>, nanog <nanog@merit.edu>
In-Reply-To: Your message of "Wed, 03 Aug 2005 03:49:43 PDT."
<18f6019405080303493532bfe4@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 03 Aug 2005 09:33:20 -0400
Errors-To: owner-nanog@merit.edu
--==_Exmh_1123076000_3101P
Content-Type: text/plain; charset=us-ascii
On Wed, 03 Aug 2005 03:49:43 PDT, Aaron Glenn said:
> ...here's what the junior kernel hacker in me doesn't quite understand
> - doesn't software like ProPolice and it's brethren mitigate this type
> of vulnerability specifically? What, precisely, prevents Cisco from
> implementing such code in with their architecture?
"mitigate vulnerability" != "prevent vulnerability".
As long as it's a von Neumann architecture rather than a Harvard architecture,
there's potential issues. Note that many mitigation strategies are basically
attempts to make it more Harvard-like....
Whether mitigation is sufficient is a topic for another list..
--==_Exmh_1123076000_3101P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFC8MegcC3lWbTT17ARAj5rAJ44FdELM0nZx2ONuJqdle+v+3JtSACgvsTo
3X/IUhS9JiFX331c4vWMvTM=
=8+3u
-----END PGP SIGNATURE-----
--==_Exmh_1123076000_3101P--
