[PATCH] this patch adds a possibility to add a random offset to the stack on exec.

From: Evgeny Polyakov (johnpol@2ka.mipt.ru)
Date: Wed Aug 22 2001 - 20:32:10 EST


Hello, linux-guru.

A couple of days ago Artur Grabovsky added this thing to the OpenBSD
(some guess this is the most secure OS) kernel.
This, as he supposes, does not improve the security of the system, but makes
the OS stronger against script-kiddie attacks.
Although all admins and security analysts are loudly saying that
Linux is the greatest hole in the security aspect, I think that with straight
/dev/hands and a not stupid /dev/brain the system can be unbreakable.
But there are situations when even the best administrator can't fight
against script kiddies because of vendors that can't patch their software in
time.
And many systems lose their defense.
In these cases many things can help, for example a nonexecutable stack.
This patch also helps in a manner of this kind.
If a machine has a random stack base on any exec, script kiddies will not
write _simple_ exploits, because almost all such programs believe that the
stack base remains the same.
And script kiddies would have to learn much more complex methods, like rewriting
the dtors section and others.
In that case this patch can't help, but I nevertheless believe that this is
not bad.

At the end I want to cite the OpenBSD developer, Artur Grabovsky:
"Add a possibility to add a random offset to the stack on exec. This makes
it slightly harder to write generic buffer overflows. This doesn't really
give any real security, but it raises the bar for script-kiddies and it's
really cheap."

Thanks for your attention to this patch.

P.S. It also adds one check to remove one XXX :)

P.P.S. And sorry for my English :)

P.P.P.S. If I have said something truly delirious, then tell me so, because I am only
a beginner (or lamer).

---
WBR. //s0mbre
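
A check for the behaviour the message describes, that the stack address differs from one exec to the next. This is an added example, not the patch or any code from the post: it re-runs itself through `argv[0]`, samples the address of a local variable each time, and reports which address bits changed. The names `varying_bits`, `spread` and `RUNS` are assumptions of the example.

```c
#include <stdio.h>
#include <stdlib.h>

#define RUNS 8   /* number of execs to sample (arbitrary choice) */

/* Mask of address bits that differed between samples. 0 means every exec
 * saw the same stack address, which is what a hard-coded address relies on. */
unsigned long varying_bits(const unsigned long *addr, size_t n)
{
    unsigned long mask = 0;
    for (size_t i = 1; i < n; i++)
        mask |= addr[0] ^ addr[i];
    return mask;
}

/* Distance in bytes between the lowest and highest sampled address. */
unsigned long spread(const unsigned long *addr, size_t n)
{
    unsigned long lo = addr[0], hi = addr[0];
    for (size_t i = 1; i < n; i++) {
        if (addr[i] < lo) lo = addr[i];
        if (addr[i] > hi) hi = addr[i];
    }
    return hi - lo;
}

int main(int argc, char **argv)
{
    unsigned long addr[RUNS];
    char cmd[512], buf[64];
    int marker;                      /* a local: its address follows the stack base */

    if (argc > 1) {                  /* child mode: report one stack address */
        printf("%lx\n", (unsigned long)&marker);
        return 0;
    }
    snprintf(cmd, sizeof cmd, "'%s' child", argv[0]);
    for (int i = 0; i < RUNS; i++) { /* parent mode: exec ourselves RUNS times */
        FILE *p = popen(cmd, "r");
        if (!p) return 1;
        if (!fgets(buf, sizeof buf, p)) { pclose(p); return 1; }
        addr[i] = strtoul(buf, NULL, 16);
        pclose(p);
    }
    printf("varying bits: %#lx, spread: %lu bytes -> %s\n",
           varying_bits(addr, RUNS), spread(addr, RUNS),
           varying_bits(addr, RUNS) ? "stack moves between execs"
                                    : "stack address is fixed");
    return 0;
}
```
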

