[31290] in bugtraq
Re: Buffer overflow prevention
daemon@ATHENA.MIT.EDU (Mariusz Woloszyn)
Wed Aug 20 20:01:38 2003
Date: Tue, 19 Aug 2003 21:12:20 +0200 (EEST)
From: Mariusz Woloszyn <emsi@ipartners.pl>
To: Crispin Cowan <crispin@immunix.com>
Cc: Theo de Raadt <deraadt@cvs.openbsd.org>, "" <mtinberg@securepipe.com>,
"" <bugtraq@securityfocus.com>, "" <peter@trusteddebian.org>
In-Reply-To: <3F41C5F6.6020305@immunix.com>
Message-ID: <Pine.LNX.4.50.0308192107290.2830-100000@dzyngiel.ipartners.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
On Mon, 18 Aug 2003, Crispin Cowan wrote:
> OTOH, I like the variable sorting hack in ProPolice, and thought about
> implementing it, but chose instead to concentrate on PointGuard, which
> protects all of the cases that ProPolice variable sorting protects, and
> then some.
>
I's not just a "hack" it's a great improvement that distinguish ProPolice
from Stackguard.
To be honest, it's the main reason why I migrated form SG to PP.
Beside that PP protects function arguments unlike SG!
To recapitulate: SG vs PP 0:2.
--
Mariusz Wołoszyn
Internet Security Specialist, GTS - Internet Partners
