Re: why I run no-exec-stack patch

From: Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Date: Wed Jan 05 2000 - 18:59:45 EST


From: Khimenko Victor <khim@dell.sch57.msk.ru>
...
>> It's true that every effective, generally accepted security
>> improvement causes people who want to break security to
>> concentrate on methods that aren't prevented by that improvement.
>> Saying that this means that such security improvements shouldn't
>> be put into widespread use is logically untenable. As a
>> colleague succinctly said, "If you lock your door somebody may
>> break in through a window. That doesn't mean you shouldn't lock
>> your door."
>>
>It's a wrong analogy. Non-exec stack is more like moving the key from under
>the carpet near the door to your garden: the key is STILL easily available (the garden is
>usually available even if the house is still locked :-) but most attackers do
>not know about it. As soon as most houseowners do this, attackers will
>try to find the key in the garden as well.

Not as wrong - just incomplete: leave the door unlocked, but put a chain
on it. If someone tries to open the door, the chain stops him, you know
the door was tried (and how it was tried). Scream at vendor of door, or
get the source for the door and fix it.

This also prevents him from breaking the window in the door.

The warning is what I want. Any burglar can break a door even if
it has an alarm, given enough time. The non-exec stack is only the alarm.
Locking the door is more like fixing the stack overflow. A fixed stack
overflow also prevents the "breaking the window".
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.
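To make the "alarm versus lock" distinction concrete, here is an added C example that is not part of the thread: the unchecked copy whose overflow a non-exec stack only turns into a crash, beside the version where the overflow itself is fixed. The function names, the 16-byte buffer and the input strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* hypothetical fixed-size stack buffer */

/* The "unlocked door": no length check, so input of NAME_LEN bytes or more
 * runs past the buffer into the rest of the stack frame. A non-exec stack
 * does not stop the overwrite; it only makes the usual outcome a crash,
 * i.e. the alarm. Kept for comparison only; it is never called below. */
int greet_unchecked(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);              /* overflows when strlen(input) >= NAME_LEN */
    return (int)strlen(name);
}

/* The "locked door": the overflow is fixed in the code. Oversized input is
 * rejected and reported rather than written past the buffer or silently
 * truncated. Returns 0 on success, -1 when the input does not fit. */
int greet_checked(const char *input)
{
    char name[NAME_LEN];
    size_t len = strlen(input);

    if (len >= sizeof name) {
        /* Refuse and log: this is the event an administrator wants to see. */
        fprintf(stderr, "rejected input of %zu bytes (limit %zu)\n",
                len, sizeof name - 1);
        return -1;
    }
    memcpy(name, input, len + 1);     /* copies the terminating NUL too */
    printf("hello, %s\n", name);
    return 0;
}
```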

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Fri Jan 07 2000 - 21:00:05 EST