[nycbug-talk] MS moves on. . .

[Pete Wright]

G.Rosamond wrote:

>
> However, one thing Theo mentioned in his Exploit Mitigation 
> Techniques  talk was about OBSD's use of canaries to avoid buffer 
> overflows.   Apparently, MS is doing the same, although their 
> placement of canaries  does nothing.  It would be good if someone 
> could elaborate on the role  of canaries. . .
>
from what i understood was that MS inserts the canaries at compile time, 
not run time.  so the canarie is in the same location on each build of 
windows.  still confused as to what a canarie is tho...

> Interestingly enough, it was the only anti-MS comment I heard the  
> entire weekend at BSDCan. . .
>
yea, i actually heard alot of people comparing features agains windows, 
not linux/solaris as i expected.  actaully the FUD/flamming was quite 
low which was really nice!

-p

-- 
~~~oO00Oo~~~
Pete Wright
pete at nomadlogic.org
www.nomadlogic.org/~pete