[Sussex] Windows XP SP2 firewall nightmare

Jon Fautley jon at geekpeople.net
Tue Mar 30 11:06:42 UTC 2004


Andrew Guard wrote:

>Nope, it is made from Microsoft source code.
>
>Now what is worring me most is whitin section called Memory protection.
>That they software has problem but that is only because of CPU.  Now that
>new one on me, I hear Sun, Linux Kernals all blaming CPU's for securty
>problems all the time, NOT!
>  
>
Actually, they do :)

OpenBSD has made their latest kernel(s) VERY secure against buffer 
overflows/stack smashing/etc, but the underlying problem is with the CPU 
- a lot of them do not have a "no-execute" instruction, which means that 
if something bad does make it into the wrong memory space, then it'll 
get executed, unless it has the NoEx flag set.

.. at least that's how I understand it, but then, i'm not a coder ... :)

there was a discussion on Full-Disclosure about this topic a few weeks 
ago, if memory serves, it should be in the archives if you want to look.

Jon




More information about the Sussex mailing list