Leopard: Stopping Buffer Overflows
via email
Joe Kissell's 10/22 article "How Leopard Will Improve Your Security"
(http://db.tidbits.com/article/9251) reminded me yet again of how
much has been lost in the migration from mainframes to personal
computers, and how much that has cost us all in terms of security
vulnerabilities. The infamous buffer overflows, for example, are
effectively impossible in machines that have independent I/O
controllers. Physical separation of data and instructions, though
originally designed as a clever way around addressing limitations,
also serves to prevent dynamic modification of instructions, whether
accidental or malicious.
[Actually, that was Rich Mogull's article. I can see how you might have been thrown off by the fact that our last names both end in -ll. :-) -Joe]
The Leopard features which Joe describes are certainly steps in the
right direction. So are Unix-style permissions, isolation of user
accounts from each other and from the OS, and hardware control of
privilege levels. But there are still many valuable lessons from the
past that need to be re-learned before we reach the level of security
that we really need in this highly-interconnected modern world.
Carl
(a dinosaur who worked through most of the mainframe & minicomputer
era and now bounces gleefully among multiple Mac and DOS machines)
Mark as Read
|
| |||||||||||||
|
![[F]](/Images/i7/site.gif){kind=small}
TidBITS 
TidBITS TidBITS Talk Leopard: Stopping Buffer Overflows
