Mailinglist Archive: opensuse-security (160 mails)
| < Previous | Next > |
Re: [suse-security] Will SuSE support stack smashing protection one day?
- From: Derek Fountain <dflists@xxxxxxxxxxxx>
- Date: Thu, 30 Dec 2004 08:20:58 +0800
- Message-id: <200412300820.59052.dflists@xxxxxxxxxxxx>
On Wednesday 29 December 2004 23:39, Randall R Schulz wrote:
> > > SSP offers protection against vulnerabilites that may
> > > not have been discovered yet and IMHO this is anything but shitty.
> >
> > Er, a vulnerablility that hasn't been discovered isn't a danger to
> > anyone and doesn't need protecting against! I'm not sure what you
> > mean to say here.
>
> That certainly does not follow. Black hats can discover vulnerabilities,
> and I doubt they'd report them to CERT or another risk tracking and
> reporting authority.
Um, but when a blackhat discovers it it's no longer undiscovered! My point
wasn't about the theoretical semantics of when a vulnerability actually
becomes a danger (obvious answer: when someone finds it) but that I thought
the OP was trying to raise a different point.
> > > SSP offers protection against vulnerabilites that may
> > > not have been discovered yet and IMHO this is anything but shitty.
> >
> > Er, a vulnerablility that hasn't been discovered isn't a danger to
> > anyone and doesn't need protecting against! I'm not sure what you
> > mean to say here.
>
> That certainly does not follow. Black hats can discover vulnerabilities,
> and I doubt they'd report them to CERT or another risk tracking and
> reporting authority.
Um, but when a blackhat discovers it it's no longer undiscovered! My point
wasn't about the theoretical semantics of when a vulnerability actually
becomes a danger (obvious answer: when someone finds it) but that I thought
the OP was trying to raise a different point.
| < Previous | Next > |