Re: non exec stack & devfs threads!

Meelis Roos (mroos@tartu.cyber.ee)
Thu, 6 Aug 1998 12:53:40 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Geert Uytterhoeven: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Previous message: H. Peter Anvin: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"

DB> First of all, I agree whole heartedly with Mr Torvalds that the anti stack
DB> execution patch is just a patch to the symptoms and not the underlying
DB> problem itself. Somebody here, I forget who, mentioned that GCC has an
DB> option to compile programs with array bounds checking. THIS IS EXACTLY
DB> THE SOLUTION TO THE PROBLEM!!! If all setuid root programs were compiled
DB> with this option, this would be a non issue! Please feel free to shoot my
DB> reasoning if it is false.

There was a discussion on bugtraq obout bounds checking. That made programs
_very_ slow (AFAIR about 20 times slower sometimes).
C is not designed to be bounds checking - that's why it's so hard.

-- Meelis Roos (mroos@tartu.cyber.ee)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html

Next message: Geert Uytterhoeven: "Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds"
Previous message: H. Peter Anvin: "Re: DEVFSv50 and /dev/fb? (or /dev/fb/? ???)"