[20361] in bugtraq
Re: Immunix OS Security update for netscape
daemon@ATHENA.MIT.EDU (Crispin Cowan)
Sun Apr 22 13:33:40 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <3AE1D4B0.469139DC@wirex.com>
Date: Sat, 21 Apr 2001 11:42:57 -0700
Reply-To: crispin@WIREX.COM
From: Crispin Cowan <crispin@WIREX.COM>
X-To: Greg KH <greg@WIREX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Greg KH wrote:
> No, you are correct, I shouldn't have labeled this release with the
> "StackGuard" label on the rpm package to remain consistent with the
> current 6.2 package naming scheme. It is just rebundling the binaries,
> and we do not compile Netscape with the StackGuard compiler.
However, we have built Mozilla with StackGuard, which required a few hacks to Mozilla to that it's
loadable module interface would recognize StackGuard stack frames. The work was actually done by
Leslie Ann Ong as her term praper project in my winter security course
http://www.cse.ogi.edu/~crispin/527/
We haven't got around to releasing it, because it is tangential to our server business, and we'd have
to maintain the forward port of this patch as Mozilla marches on. If there's a core Mozilla developer
out there who would like to adopt this patch and get it pushed into the mainline, please contact us.
--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution: http://immunix.org
