[KLUG Members] SELinux anyone?

[Adam Williams]

> >Non-executabke stack / data-pages seems like a no-brainer hacker
> >proofin thing.  Is there an argument for why such a thing isn't a
> >standard feature in every OS?
> Because your beloved Intel(r) sucks. ;-)

No love lost here;  I'd run everything on RS/6000 (PowerPC) hardware if
it wasn't so hard to come buy.  I don't even think there is a pSeries
laptop anymore. :(  And I just really dislike Apple hardware,  it feels
so chinsey - whereas I think I could build a bomb shelter out of RS/6000
hardware.

Anyone know if the Opteron (AMD's new 64-bit wonder) addresses this
issue?  From everything I've read this is AMD's first chip to not-suck;
and their actually posting real performance numbers like SPECint and
SPECfp instead of their usual Quake-frames-per-second crap.

> Most high-powered Unix chips (Power4, PA-RISC, *Sparc) can tag memory
> addresses (per POSIX) as rwx, or readable, writeable and executable.
> Intel can, but in a very brain-dead way: it isn't straight-forward
> (remember 286 segmented memory? 

Yes, I remember the 80286; not fondly.  All those memory managers, and
task managers, and TSRs that where supposed to make the thing
multicast...

> See the following (including a ringing endorsement of OSS) for an
> updated version of the classic "Smashing the Stack for Fun and Profit":
> http://www.cs.ucsb.edu/~jzhou/security/overflow.html

Nice intro to the whole issue.  It's been so long since I saw any
assember.  I'm curious though to what degree this is possible through
applications written in languages like C# that bounds check everything? 
I assume, there will probably just be exploits of C#/Java, etc... socket
handling routing, etc... which are probably themselves written in C.