Re: [RFC] prevention of syscalls from writable segments, breaking bug exploits

From: Dan Hollis (goemon@anime.net)
Date: Wed Jan 03 2001 - 18:32:46 EST


On Thu, 4 Jan 2001, Dan Aloni wrote:
> Anyway, while it is agreed that you can't completely eliminate exploits,
> it is recommended that, it should be at least harder to create them, maybe
> it can even minimize the will to write them.

The argument against these sort of protection mechanisms seems to be "well
its not perfect, so we shouldnt have it at all".

Lets use that argument against uid/gid then. Since it's impossible to
protect against exploits, let's dispose of uid/gid entirely and run
everything as root ;-)

"stack guarding is a false sense of security". Well, so is ipchains, so
lets discard that as well...?

Really, these arguments cut both ways. If you are going to argue against
something because it's not perfect, you should be aware that you're
arguing against other kernel protection mechanisms also.

-Dan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Jan 07 2001 - 21:00:16 EST