Re: 3.0 wishlist Was: Overview of 2.2.x goals?

Richard Gooch (rgooch@atnf.CSIRO.AU)
Thu, 22 Jan 1998 22:46:38 +1100


Andi Kleen writes:
> Dan Hollis <goemon@sasami.anime.net> writes:
>
> > > * Anti-exec-stack option
> >
> > We *really* need this. Doesn't Solaris already have it?
>
> This will only stop current cut'n'paste exploits. When Linux has it as
> standard, exploit writers will quickly adapt to it (as shown numerous times),
> and you have the same situation.

I keep hearing these kinds of absolutist arguments "it doesn't fix
100% of cases, therefore it's no use", and it's really silly. The
point is not whether it is 100% effective, but whether it provides an
*improvement* in security. This patch apparently costs nothing in
functionality, so it has no side-effects. What's the problem?

This is an imperfect world, and rejecting something because it isn't
perfect doesn't help. It won't *force* applications to be more
careful, which is what some may hope for.

"The point of locks on your house is not to stop burglars, but to make
it harder for them so that they try the next house down the street".

Question: how much kernel bloat is required for the anti-exec-stack
option?

Regards,

Richard....