[Gllug] just preaching to the converted !

Nix nix at esperi.org.uk
Tue Oct 25 21:43:01 UTC 2005


On Tue, 25 Oct 2005, Martin A. Brooks stipulated:
> Chris Hunter wrote:
>> This is unlike an OS like Windows - most installs are much the same,
>> and an abuse of one is /very/ likely to work on another.
> 
> I don't agree with your point.  Every debian install I've ever done
> will have the same core packages as every other debian machine on the
> planet.  An exploit that works on one will work on all.

But there's still a lot of diversity. None of them will work on my
firewall 'cos it's running compiled-from-source binaries with
FORTIFY_SOURCE; your random x86 overflow won't work on a SPARC, et seq.

(This is just one of the reasons why I prefer *not* to use precompiled
binaries. I'm wondering about the feasibility of adding random
perturbations to stack frames as well, done with zero overhead by a
suitable rand() call in GCC... hm, I shall have to hack that up.)

> Rigorous testing and timely updating of packages is an essential
> underpinning to maintaining a secure system.

I don't see what testing (other than pen-testing) has to do with
security. Stability, sure. Security, no. No amount of testing can prove
a system secure.

-- 
`"Gun-wielding recluse gunned down by local police" isn't the epitaph
 I want. I am hoping for "Witnesses reported the sound up to two hundred
 kilometers away" or "Last body part finally located".' --- James Nicoll
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug