[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/3] Add support for OpenBSD

On 18/10/06 17:34, "Anil Madhavapeddy" <anil@xxxxxxxxxxxxx> wrote:

>> We have that already in arch/x86/Rules.mk. If that was working, I
>> doubt
>> Christoph would have gone to the trouble of hacking up the SSP goop.
> That flag definitely works.
> I think Christoph wanted to get stack protection working, as all the
> other OpenBSD bits (kernel/userland) use it.  There isn't much to it
> beyond adding the stack smash handler, and the stack frame format
> changes a bit...

I don't think stack-smashing attacks are a worrying vulnerability for Xen.
We don't do much variable-sized buffer manipulation, strcpy, and so on. I'd
much rather see someone put some effort into something more likely to be
useful (albeit undoubtedly more work!) like randomised attacks on the
hypercall interfaces.

 -- Keir

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.