Re: propolice support for linux

From: Arjan van de Ven
Date: Thu Jan 13 2005 - 09:09:37 EST


On Thu, 2005-01-13 at 14:45 +0059, Han Boetes wrote:

> And since most of the security-flaws in linux are buffer-overflows
> I would like to request that a patch based on this one is applied
> to the kernel so people can use this extension by default.
>

I'm sorry but I disagree with this. Most of the security flaws in the
kernel are NOT buffer overflows. Almost none are! (And that is because
in the Linux kernel you are very much stack constrained and can't put
large-ish buffers on the stack.)

Userland... that's a different matter.
Propolice is one of the options there; there are others too. But for the
kernel, buffer overflows are really rare (esp. ones that propolice and
other tools can catch).

