Linus Torvalds wrote: I have complained about breaking existing programs many times, but in this case I think the default should be no exec on all user writable data, and let the admin relax the security as needed. Or at least make a really obnoxious whine default, so people will know they have to deal with what's coming in some (near) future release.
If things are really that good, why are we even worrying about this?
It sounds like we should just have NX on by default even for executables
that don't have any NX info records,
This is possible in one of the modes the FC kernel supports but not a
While most of the code we ship has no problems, 3rd party code is a
completely different story. Most of the time this code is not as
cleanly written as the (cleaned-up) code we ship. If anything, you can
announce your intention to change the default in a few years and urge
people to clean up their code. If you want the maximum protection now
go with Ingo's exec-shield patch and the /proc/sys/kernel/exec-shield
entry which can be set to 2 to enable the strict mode. That's certainly
the best solution for edge servers but not for application servers
running lots of dubious 3rd party code.