I agree with Linus here after reading the arguments here. Solar Designer's
is actually just a nice kludge that is defeatable, so it doesn't belong in
the kernel. It's better to stay as an obscure patch. When it is included in
the kernel source more exploits will follow and therefore its usability
will decrease more rapidly.
If you want real security support from Linux we should start from scratch
and create a secure-linux project. Design a radically different stack
layout (2 stacks). The first stack with the return address / registers
should not be modifiable due to a buffer under- or overflow in the second
stack or in the process heap. This means that you have to pick a CPU that
supports such a design, modify gcc, libc, etc. Lots of other problems will
pop up.
Fixing programs will always be necessary but you don't have to be so
paranoid anymore for buffer overflows. However if you run a secure-linux
box, being paranoid is the first requirement, bugtraq the second ;-)
<offtopic mode off>
René Janssen
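
Added example, not part of the mail above or of any kernel or compiler code: a small C model of the two-stack layout the mail proposes, run next to a conventional single stack. All names and values (`run_single_stack`, `run_two_stacks`, `RET_ADDR`, `CALLER_LOCAL`, the 0x41 input) are constructed for illustration; memory is simulated with arrays, so nothing here depends on a real CPU or ABI.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN      8                      /* callee's local buffer */
#define SLOT         sizeof(uint64_t)
#define RET_ADDR     0x0000000000401234ULL  /* constructed return address */
#define CALLER_LOCAL 0x00000000000000AAULL  /* constructed caller variable */
struct frame_state { uint64_t ret; uint64_t caller_local; };

/* Models copying n input bytes (constructed, all 0x41) with no check against
 * BUF_LEN. Clamped to the simulated region so the model itself stays defined. */
static void copy_unchecked(unsigned char *dst, size_t room, size_t n)
{
    memset(dst, 0x41, n < room ? n : room);
}

/* One stack, low to high: [buf][saved return address][caller local]. */
struct frame_state run_single_stack(size_t n)
{
    unsigned char stack[BUF_LEN + 2 * SLOT];
    uint64_t ret = RET_ADDR, local = CALLER_LOCAL;
    struct frame_state s;
    memcpy(stack + BUF_LEN, &ret, SLOT);
    memcpy(stack + BUF_LEN + SLOT, &local, SLOT);
    copy_unchecked(stack, sizeof stack, n);
    memcpy(&s.ret, stack + BUF_LEN, SLOT);
    memcpy(&s.caller_local, stack + BUF_LEN + SLOT, SLOT);
    return s;
}

/* Two stacks: data stack is [buf][caller local]; return address is elsewhere. */
struct frame_state run_two_stacks(size_t n)
{
    unsigned char data[BUF_LEN + SLOT];
    uint64_t control[1] = { RET_ADDR }, local = CALLER_LOCAL;
    struct frame_state s;
    memcpy(data + BUF_LEN, &local, SLOT);
    copy_unchecked(data, sizeof data, n);
    s.ret = control[0];               /* control stack was never addressable */
    memcpy(&s.caller_local, data + BUF_LEN, SLOT);
    return s;
}

int main(void)
{
    printf("single: ret=%#llx  split: ret=%#llx\n",
           (unsigned long long)run_single_stack(16).ret,
           (unsigned long long)run_two_stacks(16).ret);
    return 0;
}
```

In the two-stack run the saved return address survives the overrun, but the caller's local variable on the data stack is still overwritten, which matches the mail's remark that fixing programs stays necessary.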