Bingo. This isn't an issue to software developers; frankly, they created
the problem. This is an -administration- issue, for people who can't
necessarily fix their software (don't know how, don't have source, can't
make software upgrades due to dependancies on other factors, don't have
the staff to be constantly monitoring security releases, etc).
You can argue that this is their responsibility, and you'd be right, but
you'd be extremely naive to think that every organization embraces this
responsibility, or that they are all even aware of security issues. And
when software developers are slow to respond with patches to code with
overflows, the administrators of systems using that software are usually
left with little recourse: fix it themselves, live without the software,
or live with the security hole. This patch makes "living with the hole" a
little more bearable.
No, this isn't a silver bullet. But it's a logging mechanism so you, as an
administrator, have a clue as to who is attempting to breach security
(which you could act on with social solutions, since technical solutions
aren't up to snuff), and it eliminates the casual hacker-without-a-clue in
many cases.
I don't see why this is such a point of contention; can this not be made a
configuration option, possibly under the "experimental" group of options,
with a default of "N", and a stern description of what it does and why
it's good/bad? It's widely used, generally accepted as at least a stop-gap
measure for some stack security issues, and is non-intrusive to system
operation.
-- -------------------. emarshal at logic.net .--------------------------------- Edward S. Marshall `-----------------------' http://www.logic.net/~emarshal/Linux labyrinth 2.1.114 #1 SMP Tue Aug 4 02:06:20 CDT 1998 i586 unknown 8:25pm up 36 min, 3 users, load average: 0.03, 0.04, 0.08
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html