[...]
> More generally, I think you are making the engineer's mistake
> of concentrating so much on the means that you are losing track of the
> real objective. Fixing stack overflow bugs is a means toward
> preventing stack overflow exploits. Unlike bugs which can be reliably
> caught by compilers, stack overflow bugs continue to crop up and
> apparently will continue to in the future, creating real security
> problems until they are detected and fixed. This window of
> vulnerability is almost always a much bigger problem than the harm
> caused by it taking a little longer for somebody to notice the bug
> that has basically been made harmless.
It has _not_ been made harmless, just harder to exploit. And the "fix"
screws up legitimate uses of executing code on the stack. Nothing changes,
as soon as the "fix" becomes widespread. And then everybody pays the cost
of the "fix", and nobody gets any benefit. Loose-loose as I see it.
-- Dr. Horst H. von Brand mailto:vonbrand@inf.utfsm.cl Departamento de Informatica Fono: +56 32 654431 Universidad Tecnica Federico Santa Maria +56 32 654239 Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/