[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Coming soon: CPU fix for buffer overflows

To: rms@computerbytesman.com
Subject: Re: [Full-Disclosure] Coming soon: CPU fix for buffer overflows
From: hybriz <hybriz@rego-security.com>
Date: Mon, 23 Feb 2004 20:28:25 +0000

first of all, despite of what that news website says, that is old news.
second, it's just a page execution bit implementation like other archs have,
it doesnt mean that buffer overflows can will be avoided, it just means
non-exec stack can be subject of a page-wise implementation (not that it hasnt
been done on IA-32, has the PAX hack shows, though with HUGE performance kill).
third, return-into-libc and heap overflows still exist.
forth, win2k source code leak had nothing to do with buffer overflows in
m$ software.
fifth, critical windows source code wasnt leaked, have u seen the tarball?
it only has IE/MSHTML crap and pointless API code, other leaks have proven
much more interesting.
fifth, thank you for that buffer definition, surely most of this list's
subscribers didnt know what a buffer was.
sixth, I love your contributions to this list, they're always so funny that
I just had to say something this time.

regards,
hybriz

--


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] International Convention on Cybercrime
Next by Date: Re: [Full-Disclosure] question on SEH
Previous by thread: Re: [Full-Disclosure] Coming soon: CPU fix for buffer overflows
Next by thread: RE: [Full-Disclosure] Coming soon: CPU fix for buffer overflows
Index(es):
- Date
- Thread