Fedora meeting Mono Half-Way
Peter Jones
pjones at redhat.com
Thu Dec 15 18:45:09 UTC 2005
On Thu, 2005-12-15 at 18:44 +0100, Arjan van de Ven wrote:
> > g_list, g_string and friends already provide that interface set in C and
> > fairly efficiently. Most gnome C apps use them and GNOME has had almost no
> > buffer overrun problems. Lots of other problems but not those.
>
> in addition the execshield tech (gcc/glibc/kernel) makes buffer
> overflows basically impossible to abuse anyway (like -fstack-protector,
> FORTIFY_SOURCE, NX, randomisation etc etc)
That's true, and while I love the enhanced security we get from this, it
kind of ignores the bigger picture. Detecting faults better and
crashing in a way that's not exploitable does nothing to address
usability or stability. A crashing program is still catastrophic for
users, even if it's no longer a root exploit.
--
Peter
More information about the fedora-devel-list
mailing list