[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Immunix OS Security update for netscape

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: Immunix OS Security update for netscape
From: Crispin Cowan <crispin@WIREX.COM>
Date: Sat, 21 Apr 2001 11:42:57 -0700

Greg KH wrote:

> No, you are correct, I shouldn't have labeled this release with the
> "StackGuard" label on the rpm package to remain consistent with the
> current 6.2 package naming scheme.  It is just rebundling the binaries,
> and we do not compile Netscape with the StackGuard compiler.

However, we have built Mozilla with StackGuard, which required a few hacks to 
Mozilla to that it's
loadable module interface would recognize StackGuard stack frames.  The work 
was actually done by
Leslie Ann Ong as her term praper project in my winter security course
http://www.cse.ogi.edu/~crispin/527/

We haven't got around to releasing it, because it is tangential to our server 
business, and we'd have
to maintain the forward port of this patch as Mozilla marches on. If there's 
a core Mozilla developer
out there who would like to adopt this patch and get it pushed into the 
mainline, please contact us.

--
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org

Prev by Date: Re: SECURITY.NNOV: The Bat! <cr> bug
Next by Date: Re: Linux patches to solve /tmp race problem
Prev by thread: Re: Immunix OS Security update for netscape
Next by thread: Bug in Cisco CBOS v2.3.0.053
Index(es):
- Date
- Thread