[31235] in bugtraq


Re: Buffer overflow prevention

daemon@ATHENA.MIT.EDU (Theo de Raadt)
Mon Aug 18 11:13:35 2003

Message-Id: <200308152226.h7FMQdhd028205@cvs.openbsd.org>
To: noir <noir@gsu.linux.org.tr>
Cc: bugtraq@securityfocus.com
In-reply-to: Your message of "Sat, 16 Aug 2003 00:07:38 +0300."
             <Pine.LNX.4.44.0308152357490.21218-100000@gsu.linux.org.tr> 
Date: Fri, 15 Aug 2003 16:26:39 -0600
From: Theo de Raadt <deraadt@cvs.openbsd.org>

> pros and cons of the two ? 
> i think the comparison should be like "how much more does wOpenBSD lack
> compared to PAX ?"
> 
> he might try to mean whatever but there is one thing obvious which is best 
> known as "rip-off"
> 
> i think you should read this instead:
> http://archives.neohapsis.com/archives/openbsd/2003-04/1681.html
> 
> - noir
> 
> w as in http://stargliders.org/phrack/mmhs.jpg

I have made it clear many times that W^X inside OpenBSD came into
being without me even being aware of PAX.

I may have stumbled past HAL2001 on my way from IETF in London to
Usenix Security in DC, but I never went to any of the talks there, and
I do not recall ever talking to anyone about anything in any way like
W^X.  I spent most of the time talking with European OpenBSD
developers and Solar Designer, and do not recall any topics about
protecting the address space ever coming up.  Almost a year later, we
started working on W^X.  We started on non-i386 machines like the
sparc and alpha because at the time we could not think of a way of
doing i386 W^X.

If we had been aware of PAX as you claim, why would we have thought
that i386 solutions were impossible?

There is only one thing I have found the various PAX people to have in
common; they are very persistent at calling other people liars.  Can
you people please grow up?
