On Tuesday 28 December 2004 08:47, Allen wrote:
On Tuesday 28 December 2004 01:11, Malte Gell wrote:
Isn't this wishful thinking or unfeasible to a certain degree? I just thought if OpenBSD ships with SSP it must have noticeable advantages, otherwise they wouldn't have included it.
It does, they can brag how secure it is over other OSs in a default state. Which is shit anyway, an OS should come with a more usable state than secure, and it should be up to the admin to secure it as needed. Which is why I don't like OpenBSD. They have code audits, big deal, so does SUSE, they ship it with everything turned off..... Big deal, you can do that with any Linux / BSD. It's shitty.
What does turning on/off un/needed services have to do with protection against buffer overflows? SSP offers protection against vulnerabilities that may not have been discovered yet and IMHO this is anything but shitty. It would be interesting to see how many attacks would have been prevented if SSP were used more widely.

Malte