Slashdot Mirror


OpenBSD Gets Even More Secure

Telent writes "As seen in this post by Theo de Raadt, OpenBSD is getting even more secure, working on smashing script kiddies running buffer overflow exploits dead. Tightening PROT_* according to the POSIX standards and creating a non-executable stack on most architectures are just two of the recent enhancements, most of which are in -current now."

4 of 362 comments

  1. Re:concrete galoshes by coene · · Score: 5, Insightful

    OpenBSD does not secure by limiting or removing functionality. Instead, it secures through proper programming, working as a team, and tackling issues in sequence.

    I understand your joking, but point the next one towards the right area :)

  2. Nonexecutable stacks by Sayjack · · Score: 4, Insightful

    A nonexecutable stack is no guarantee of safety. Solaris 2.6 demonstrated this here.

    --

    -- Good judgement comes with experience. -- Experience comes with bad judgement.

  3. VMS by ArchieBunker · · Score: 5, Insightful

    VMS is probably a close second in terms of security. It's C-2 secure right out of the box. Plus most script kiddies would be left scratching their head trying to use it.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  4. Re:linux should have non-exec stack by default by Anonymous Coward · · Score: 5, Insightful

    This is plain stupid. The kernel stack has nothing in common with user stack, so trampolines are a special issue there.

    Then, trampolines are not the only way to implement nested functions. Just a neat one.

    And finally, gcc has all the hooks to turn the memory protection back on for the little chunk that wants stack execution.

    Guess what? gnu-ada uses trampolines, and it works on OpenBSD current...