Re: Buffer overflow prevention

From: Theo de Raadt (deraadtcvs.openbsd.org)
Date: Fri Aug 15 2003 - 17:26:39 CDT


> pros and cons of the two ?
> i think the comparison should be like "how much more does wOpenBSD lack
> compared to PAX ?"
>
> he might try to mean whatever but there is one thing obvious which is best
> known as "rip-off"
>
> i think you should read this instead:
> http://archives.neohapsis.com/archives/openbsd/2003-04/1681.html
>
> - noir
>
> w as in http://stargliders.org/phrack/mmhs.jpg

I have made it clear many times that W^X inside OpenBSD came into
being without me even being aware of PAX.

I may have stumbled past HAL2001 on my way from IETF in London to
Usenix Security in DC, but I never went to any of the talks there, and
I do not recall ever talking to anyone about anything in any way like
W^X. I spent most of the time talking with European OpenBSD
developers and Solar Designer, and do not recall any topics about
protecting the address space ever coming up. Almost a year later, we
started working on W^X. We started on non-i386 machines like the
sparc and alpha because at the time we could not think of a way of
doing i386 W^X.

If we had been aware of PAX as you claim, why would we have thought
that i386 solutions were impossible?

There is only one thing I have found the various PAX people to have in
common; they are very persistent at calling other people liars. Can
you people please grow up?