RE: Unexecutable stack
Sean McElroy (wanderer@telepath.com)
Tue, 28 Dec 1999 09:06:02 -0600
> On Mon, 27 Dec 1999, Gabor Lenart wrote:
>
> > Hmmm. But kernel contains features marked 'experimental'.
> Like experimental
> > things, secure Linux patch can go into kernel with some
> remark like experimantal.
> > (in this case: "big warning, ...").
>
> Indeed, warning that this doesn't prevent you against getting hacked
> should be in order.
> I use the patch for a while now on production boxes, it has
> proven useful
> and not in the way for me.
>
> > BTW, restricted proc fs should go into kernel tree (do not
> care in this case
> > if unexecutable stack goes in or not), because it's the
> minimum to have
> > an ability to hide my processes from others. It's VERY
> simple and trivial
> > patch, only alters file access permissions in /proc.
>
> I couldn't live without it on our public telnet servers, our
> users should
> have some form of "privacy".
> We can all imagine what nasty things can happen when someone
> is doing a ps
> and sees personal data carelessly put in a commandline of some users
> process.
> I think at least parts of these patches should be considered
> for optional
> inclusion.
>
> Regards,
>
> ---------------------------draw-conclusion-here---------------
> ---------
> Homme R. Bitter *NIX admin, BOFH, MCSE, parttime
> divine entity.
>
> REM This is a comment, I realy, really, really love comments.
The unexecutable stack patch will probably always be a "hotbutton issue",
but I too would really like to see the /proc permission patch go in to the
standard kernel.
-Sean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/