Let's look at your argument:
Given: we have a process with an exploitable buffer overflow.
Case A, stack is executable: your process stays up despite buffer overflows,
and crackers silently get root on your machine.
Case B, stack is non-executable: your process dies. Crackers don't get root.
Your log screams at you that your process has security problems.
And you are saying you prefer Case A? Wow..
In an ideal world people would write good code, and we could allow the stack
to be executable. But it's not an ideal world, and admin's don't have the
time to audit every daemon they run.
IMO non-exe stack should be a compile option, so that those who need/like
paranoid setups can have that small extra bit of security. Granted, most
people don't need it, and most people shouldn't use it. And support for
various trampoline formats should be kept to a minimum. But it should be an
option.
-paul jakma.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/