The discussion about the various techniques for buffer overflow prevention is very interesting, but if the target is to prevent the security threats caused by buffer overflows, then one should look for an operating system base solution, since it is an OS issue to enforce the security. Solutions based on the control of system calls execution like systrace (http://www.citi.umich.edu/u/provos/systrace/) or remus (http://remus.sourceforge.net/) are just two possible examples of such approach. Massimo --- Massimo Bernaschi: Istituto Applicazioni del Calcolo ---- | IAC-CNR | e-mail: massimo@iac.cnr.it | | V.le del Policlinico 137 | phone: +39 06 88470229 | | 00161 Roma - ITALY | fax: +39 06 4404306 | --------------------------------------------------------------------------- |See http://www.iac.cnr.it/~massimo for my GPG public key or check | |GnuPG Public Key Fingerprint (keyserver.linux.it) | |pub 1024/CAA3FB48 2001/01/04 Massimo Bernaschi <massimo@iac.rm.cnr.it> | | Key fingerprint = 3EFF 7AFF F8A4 F34E 382B DD81 57F3 700A CAA3 FB48| ---------------------------------------------------------------------------
