Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Marcin Dalecki (dalecki@cs.net.pl)
Wed, 5 Aug 1998 11:54:49 -0700 (MST)


I quite agree with Linus about the issue. I just don't see why it should
be better to apply a quite kludgy solution to the kernel instead of fixing
the opposing applications. At least it can be done for Linux.

Second, just an idea: If I understand the issue right, the problem is mainly
arising from the lack of array bounds checking in C and lazy coders who
don't bother to calculate the array sizes before using some arrays in
security relevant applications. (char buf[MAXPATH] and shit of the same
quality in code). But there is currently already a patch out there for
GCC, which allows you to enable bounds checking on arrays. So if you were
a responsible Linux distribution creator --- get this patch and compile
all the ftpd or whatever with it enabled. This should help 1000 x more
than the no stack exec patch! And if you are an application writer: JUST
DAMN NEVER USE void foo(char *userarg) { char buf[MAXPATH]; strcpy(buf,
userarg); }. FORGET ABOUT MAXPATH and other system limits!

You could even advertise your distribution by promoting the fact that you
are using this opportunity to *really* increase the security of it...

Marcin
=========================================================================
In real life: System Programmer at AIS AXON GmbH
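
The message's advice (compute the size before copying instead of trusting a MAXPATH-sized array with strcpy), as an added C example that is not part of the original message or of any project discussed in the thread. The function names, the cap value and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of s, never reading more than max bytes (portable strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Fixed buffer: refuse oversized input instead of overflowing or truncating.
 * Returns 0 on success, -1 if src plus its NUL does not fit in dstsz. */
int copy_checked(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || src == NULL || dstsz == 0) return -1;
    size_t n = bounded_len(src, dstsz);
    if (n == dstsz) {            /* no room left for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);     /* n + 1 <= dstsz, copy includes the NUL */
    return 0;
}

/* Buffer sized from the input: measure first, then allocate exactly that.
 * cap is an assumed policy limit; returns a copy the caller frees, or NULL. */
char *copy_sized(const char *src, size_t cap)
{
    size_t n = src ? bounded_len(src, cap) : cap;
    if (n == cap)
        return NULL;             /* NULL input, or input at/over the cap */
    char *out = malloc(n + 1);
    if (out != NULL)
        memcpy(out, src, n + 1);
    return out;
}

int main(void)
{
    char buf[8];                 /* constructed sample sizes and strings */
    printf("%d\n", copy_checked(buf, sizeof buf, "1234567"));   /* fits */
    printf("%d\n", copy_checked(buf, sizeof buf, "12345678"));  /* refused */
    char *p = copy_sized("/tmp/constructed/path", 4096);
    printf("%s\n", p ? p : "(refused)");
    free(p);
}
```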
