[Gllug] just preaching to the converted !
Nix
nix at esperi.org.uk
Tue Oct 25 21:43:01 UTC 2005
On Tue, 25 Oct 2005, Martin A. Brooks stipulated:
> Chris Hunter wrote:
>> This is unlike an OS like Windows - most installs are much the same,
>> and an abuse of one is /very/ likely to work on another.
>
> I don't agree with your point. Every debian install I've ever done,
> will have the same core packages as every other debian machine on the
> planet. An exploit that works on one will work on all.
But there's still a lot of diversity. None of them will work on my
firewall 'cos it's running compiled-from-source binaries with
FORITFY_SOURCE; your random x86 overflow won't work on a SPARC, et seq.
(This is just one of the reasons why I prefer *not* to use precompiled
binaries. I'm wondering about the feasibility of adding random
perturbations to stack frames as well, done with zero overhead by a
suitable rand() call in GCC... hm, I shall have to hack that up.)
> Rigorous testing and timely updating of packages is an essential
> underpinning to maintaining a secure system.
I don't see what testing (other than pen-testing) has to do with
security. Stability, sure. Security, no. No amount of testing can prove
a system secure.
--
`"Gun-wielding recluse gunned down by local police" isn't the epitaph
I want. I am hoping for "Witnesses reported the sound up to two hundred
kilometers away" or "Last body part finally located".' --- James Nicoll
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list