Re: Low Latency Patch

From: Gabor Lenart (lgb@veszprog.hu)
Date: Sun Jul 02 2000 - 17:10:37 EST


On Sun, Jul 02, 2000 at 03:00:35PM +0200, Yoann Vandoorselaere wrote:
> Here I'm talking about the non-exec stack issue,
> as Victor said, just consult the Lkml archives (the thread
> about LUID, and Security in general) and you'll see the explanation of
> why this is not useful in order to prevent stack overflow.

Please do not describe THEORIES. (Think about Minix and its creator's
opinion on Linux: it is POSSIBLE that the design and the theories used in Minix
are better than Linux's, but that is not worth too much in real life.)
The non-executable stack of Solar Designer's patch stops almost all of the
exploits tried on our servers. Yes, it's possible to trick it (not too hard),
but a great percentage of exploits are the common ones which can be denied by
this patch. We must think about the real, not about theories.
If it HELPS at least a bit, go ahead and use it. Nothing is perfect though,
but it's the main face of our university, isn't it. Being part of the official
kernel source is another question: I think it would have ... with a warning
that it's not absolutely secure. I think Linus denies some patches because he
feels a better solution must be found, so try to make something more secure.
But till then: patch the kernel yourself and use it.

- Gabor
