Robert Dinse <nanook@eskimo.com> said:
> On 2 Jul 2000, Yoann Vandoorselaere wrote:
> > Non executable stack doesn't help preventing stack overflow,
> > that was said thousand of time.
> It's said erroneously, because you go from a problem of having to guess
> within a page to having to be exact.
So what? Just find out what distribution somebody is running, and check
with that. Sure, it's a bit harder to do, but if you get it right for
current Red Hat, Debian, and SuSE, you've got almost all.
[...]
> The patch also provides restrictions on links in a +t directory, it
> also prevents users from making hard links to files they don't own. This
> breaks a number of race exploits, like the old passwd race, amoung other
> things.
>
> There are some restrictions on writes to FIFO's in +t directories
> unless the FIFO is owned by the user or the FIFO is opened without the
> O_CREAT flag.
All this breaks POSIX (and many legitimate uses) big time.
> There is the ability to restrict access to proc, for applications where
> you do not want one user from watching another, ps only shows a users own
> processes, etc.
That sounds reasonable.
-- Horst von Brand vonbrand@sleipnir.valparaiso.cl Casilla 9G, Vin~a del Mar, Chile +56 32 672616- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jul 07 2000 - 21:00:11 EST