IOS new architecture will be more vulnerable?
Quotes from Wired interview with Mike Lynn:

"WN: So this new version of the operating system that they're coming out with, that's in beta testing.

Lynn: It's actually a better architecture ... but it will be less secure.... That's why I felt it was important to make the point now rather than sweep it under the rug. I think it's something that we can fix...."

"But at the same time, now that I think they already are, I will say it's not as bad as you probably think it is. Not yet ... because the version that makes this an unstoppable critical problem is not out yet."

What exactly does this mean?
On (2005-08-03 06:24 -0400), Joe Maimon wrote:
> But at the same time, now that I think they already are, I will say it's not as bad as you probably think it is. Not yet ... because the version that makes this an unstoppable critical problem is not out yet.
>
> What exactly does this mean?
You might want to read lynn-cisco.pdf. This means that today to exploit heap overflows you need to know the offsets per release, supposedly tomorrow the offsets will be static per release in new (in some terms better) architecture, which will make exploiting heap overflows much more feasible.

--
++ytti
On 8/3/05, Saku Ytti <saku+nanog@ytti.fi> wrote:
> You might want to read lynn-cisco.pdf. This means that today to exploit heap overflows you need to know the offsets per release, supposedly tomorrow the offsets will be static per release in new (in some terms better) architecture, which will make exploiting heap overflows much more feasible.
without getting *too* off topic...

...here's what the junior kernel hacker in me doesn't quite understand - doesn't software like ProPolice and its brethren mitigate this type of vulnerability specifically? What, precisely, prevents Cisco from implementing such code in with their architecture?

aaron.glenn
On Wed, 03 Aug 2005 03:49:43 PDT, Aaron Glenn said:
> ...here's what the junior kernel hacker in me doesn't quite understand - doesn't software like ProPolice and its brethren mitigate this type of vulnerability specifically? What, precisely, prevents Cisco from implementing such code in with their architecture?
"mitigate vulnerability" != "prevent vulnerability".

As long as it's a von Neumann architecture rather than a Harvard architecture, there are potential issues. Note that many mitigation strategies are basically attempts to make it more Harvard-like....

Whether mitigation is sufficient is a topic for another list..
participants (4)
- Aaron Glenn
- Joe Maimon
- Saku Ytti
- Valdis.Kletnieks@vt.edu