Mailinglist Archive: opensuse (4020 mails)
| < Previous | Next > |
Re: [SLE] spyware
- From: Johan Nielsen <yep@xxxxxxxxxxxxxx>
- Date: Mon, 4 Oct 2004 13:42:55 +0200
- Message-id: <200410041342.55128.yep@xxxxxxxxxxxxxx>
Mandag den 4. oktober 2004 12:27 skrev Sid Boyce:
> peter Nikolic wrote:
> > On Monday 04 Oct 2004 02:54, Paul W. Abrahams wrote:
>
> <STUFF DELETED>
>
> >>Sure, Linux is harder to break into. but after all, Linux also has its
> >>infamous rootkit. On the principle that better neighborhoods attract a
> >>better class of burglers, Linux would attract sufficiently talented
> >> hackers if it were in wider use.
> >>
> >>Linux, with its underlying foundation of old C code, is particularly
> >>vulnerable to buffer-overflow attacks.
> >>
> >>Paul
> >
> > Ever heard of Libsafe .. ?....
> >
> >
> > worth investigating i dont get problems from buffer overflow attacks
> > thanks to Libsafe it can them before they can cause mischief ..
> >
> > Pete
>
Silly question for you and Pete. How would you implement "Libsafe" into you
Suse distro ??
Secondly other suggestions/"easy" usable pointers to make SuSE a safe place to
be ;-)
TIA
Johan
> Pete, you and I have used libsafe since it was first introduced and make
> sure it's installed. We know you have to look beyond the stuff in the
> distro. We also don't buy into the numbers argument, Windows was not
> designed with security in mind and does nothing to beef up security
> other than issue patches for the current crop of attacks as they are
> exposed. Buffer overflow and format string attacks get killed by libsafe
> (that answers Paul W. Abrahams point above), so the question raised many
> times, including by lwn.net about three years ago as to why only
> Connectiva uses it, perhaps not only Microsoft thinks like Microsoft -
> vulnerability gets exposed, issue a patch to fix it, exposure exists,
> discover it, fix it, hoping you don't get bitten before the fix comes
> out - sounds a crazy scheme to me.
> Regards
> Sid.
>
> --
> Sid Boyce .... Hamradio G3VBV and keen Flyer
> =====LINUX ONLY USED HERE=====
> peter Nikolic wrote:
> > On Monday 04 Oct 2004 02:54, Paul W. Abrahams wrote:
>
> <STUFF DELETED>
>
> >>Sure, Linux is harder to break into. but after all, Linux also has its
> >>infamous rootkit. On the principle that better neighborhoods attract a
> >>better class of burglers, Linux would attract sufficiently talented
> >> hackers if it were in wider use.
> >>
> >>Linux, with its underlying foundation of old C code, is particularly
> >>vulnerable to buffer-overflow attacks.
> >>
> >>Paul
> >
> > Ever heard of Libsafe .. ?....
> >
> >
> > worth investigating i dont get problems from buffer overflow attacks
> > thanks to Libsafe it can them before they can cause mischief ..
> >
> > Pete
>
Silly question for you and Pete. How would you implement "Libsafe" into you
Suse distro ??
Secondly other suggestions/"easy" usable pointers to make SuSE a safe place to
be ;-)
TIA
Johan
> Pete, you and I have used libsafe since it was first introduced and make
> sure it's installed. We know you have to look beyond the stuff in the
> distro. We also don't buy into the numbers argument, Windows was not
> designed with security in mind and does nothing to beef up security
> other than issue patches for the current crop of attacks as they are
> exposed. Buffer overflow and format string attacks get killed by libsafe
> (that answers Paul W. Abrahams point above), so the question raised many
> times, including by lwn.net about three years ago as to why only
> Connectiva uses it, perhaps not only Microsoft thinks like Microsoft -
> vulnerability gets exposed, issue a patch to fix it, exposure exists,
> discover it, fix it, hoping you don't get bitten before the fix comes
> out - sounds a crazy scheme to me.
> Regards
> Sid.
>
> --
> Sid Boyce .... Hamradio G3VBV and keen Flyer
> =====LINUX ONLY USED HERE=====
| < Previous | Next > |