Re: considerations about exploits tricks

Can we defeat overflows? Well, sure, but one (or both) of three things need to happen. First, you need to teach every software programmer and engineer how to properly bound their code. Second, you need to write a program that will inspect and intelligently decide whether code in memory needs to be bounded. Good luck with that. Or three, randomize memory so much that an attacker can't predict it.

This last piece is where a lot of progress has been made, but who is to say we even know about all the possible overflows that may happen? In 3 years, will some new technique be discovered? Will some new programming or technology recover old overflows we thought were fixed?

Let alone everything else about security such as the people as others have already mentioned. We can't win the whole battle against attackers, but we can be successful in our defenses and risk management. And the OS dramatically changes often, due to economics and human technological progress...which can usher in whole new classes of vulns...

If you want to think otherwise, I will point to teen pregnancy, murder, and drug use as other evils, and ask you why we've not "solved" these issues to the point that they are eradicated and the battle won...


<- snip ->
Hello,

I wonder about security holes which are still present in our OS, which let attackers take over control. I have heard about PAX system, ProPolice and other, which in consolidation should well defend system against attacks like buffer overflow. Is it not enough? Can't we really win the battle against buffer overflow and heap overflow?

opexoc

Relevant Pages

  • Re: what guns have done to america
    ... > The non-gun murder rate in the USA is higher than the total murder ... > guns in the USA disappear, and prevent criminals from hiding foreign ... > guns in illegal drug shipments, *AND* no drug dealers knifed each ... He is also an Anti-Gun Zealot that keeps getting busted ...
    (talk.politics.guns)
  • Bouncer linked to Drug Kingpin
    ... Bouncer linked to drug kingpin ... An ex-con bouncer being questioned in the murder of Boston native Imette St. ... Darryl Littlejohn of Queens, who remained in custody yesterday in New ... said authorities were probing Littlejohn's work with Nichols in the South ...
    (alt.true-crime)
  • Re: Superman and the War on Smokers (Minor spoilers)
    ... can't hurt a child if the child never inhales it. ... overdoses ingested through breast milk. ... And tobacco is a drug that has killed more people ... manslaughhter into murder. ...
    (rec.arts.movies.current-films)
  • Re: Superman and the War on Smokers (Minor spoilers)
    ... drug overdoses ingested through breast milk. ... Which is a legal standard that applies to manslaughter, not murder. ... Otherwise intent means nothing. ... In order to rule on the law it is necessary to understand the law. ...
    (rec.arts.movies.current-films)
  • Re: what guns have done to america
    ... The non-gun murder rate in the USA is higher than the total murder ... guns in the USA disappear, and prevent criminals from hiding foreign ... guns in illegal drug shipments, *AND* no drug dealers knifed each ...
    (talk.politics.guns)
Quantcast