Re: two things

Martin von Loewis (martin@mira.isdn.cs.tu-berlin.de)
Fri, 19 Dec 1997 00:18:20 +0100


> We should not fix the problem in the case where it _can_ be solved,
> just because there are cases where it cannot?

Exactly. Of course, everybody is free to use that patch, if she thinks
that there is an advantage in using it. However, it would be very bad
for Linux if the patch was included and it became public knowledge that
Linux is protected against executable-stack attacks. If later somebody
finds the work-around (as somebody certainly will), it will be a PR
disaster.

There are much better ways of fighting these kinds of attacks. About
the best way is to fix the applications that risk buffer overflows.
glibc 2 does a very good job in this: it produces linker warnings for
unsafe functions. So every time somebody installs such a package from
the sources, she will get a linker warning, until she finally does
something about it. Works much better in the long run, IMHO.

Regards,
Martin
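As an added example (not code from the original message, nor glibc's own), this is what "doing something about" the warning looks like in C: a bounded line reader replacing the gets()-style read, with the over-long line handled instead of overflowing the stack buffer. The 16-byte buffer, the sample input and the function names are constructed for the demo; fmemopen() is assumed available (POSIX.1-2008).

```c
#define _POSIX_C_SOURCE 200809L   /* declares fmemopen(), used only to feed the sample */
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the gets()-style read that glibc 2's linker warning
 * flags. Returns 1 if a whole line was stored in buf, 0 at EOF with nothing
 * read, -1 if the line did not fit in len-1 bytes. On -1 the rest of that line
 * is drained, so the next call starts on the next line rather than treating
 * the tail of the long line as a fresh one. */
int read_line_bounded(FILE *in, char *buf, size_t len)
{
    if (len == 0 || fgets(buf, (int)len, in) == NULL)
        return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';                 /* drop the newline, as gets() would */
        return 1;
    }
    int c = fgetc(in);                     /* no newline: last line, or overlong? */
    if (c == EOF)
        return 1;                          /* final line just lacked '\n' */
    while (c != '\n' && c != EOF)          /* overlong: discard the remainder */
        c = fgetc(in);
    return -1;
}

/* Constructed sample (not from the message): a name that fits a 16-byte stack
 * buffer, one that would have overflowed it, and a final line without '\n'. */
static const char SAMPLE[] =
    "alice\n"
    "this-name-is-far-too-long-for-the-buffer\n"
    "bob";

/* Feeds SAMPLE through a 16-byte stack buffer; returns a summary of each call's result. */
const char *demo(void)
{
    static char summary[64];
    char buf[16], *p = summary;
    FILE *in = fmemopen((void *)SAMPLE, sizeof SAMPLE - 1, "r");
    int r;
    while ((r = read_line_bounded(in, buf, sizeof buf)) != 0) {
        if (r == 1)
            p += snprintf(p, sizeof summary - (size_t)(p - summary), "ok:%s;", buf);
        else
            p += snprintf(p, sizeof summary - (size_t)(p - summary), "truncated;");
    }
    fclose(in);
    return summary;                        /* "ok:alice;truncated;ok:bob;" */
}
```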