Re: why I run no-exec-stack patch

• Next message: Pedro M. Rodrigues: "Re: First draft list of 2.3.x "Things to fix""
• Previous message: David Weinehall: "Re: First draft list of 2.3.x "Things to fix""
• Next in thread: Khimenko Victor: "Re: why I run no-exec-stack patch"
• Maybe reply: Khimenko Victor: "Re: why I run no-exec-stack patch"
• Maybe reply: Khimenko Victor: "Re: why I run no-exec-stack patch"
• Maybe reply: Jesse Pollard: "Re: why I run no-exec-stack patch"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 5 Jan 2000 don@sabotage.org wrote:

>I mean really. Make it a kernel option that you have to check the
>"experimental" box first in order to see, if it's really that important to
>not have it be readily available. Otherwise, I'm really wondering where all
>those people who thought it was a good idea to have a stinking web server
>in kernel space have gone to.

2 comments:

Firstly, this thread is entirely pointless and should die ASAP.
Why? Because Linus has stated that a non-exec stack patch simply
will not be allowed into the official kernel no-way no-how. Many
agree with him, and some disagree. Regardless of wether someone
agrees or disagrees with him, he is not likely to change his
mind, and ultimately he is the one who decides.

Face it people, a non-exec stack patch is NOT GOING INTO THE
KERNEL. Get used to the idea.. end of story. Feel free to patch
the kernel and distribute it as the official non-exec-stack
kernel.

Personally I agree with Linus's viewpoint on this, however I do
see some merit to using the patches on certain boxes out there.
I see this as a security through obscurity hack, but unlike some
people I believe that some security through obscurity does
achieve results even if not 100%. I do not think it should go in
kernel though, nor should any security through obscurity options.

IMHO security through obscurity is a local "site policy" issue
and should be left to userland, and external kernel patches if
allowed at all.

My second comment is on khttpd. For the most part, I agree about
your comment on khttpd, however I see khttpd as the start on work
for a generic kernel enhancement. In other words, khttpd will
likely be there for 2.4, but will IMHO be replaced with something
that other services may also benefit from which is much more
generic, and perhaps even more minimal - and of course an option.

So, once khttpd is no longer khttpd, but rather
kfileaccessspeedupforuserlandprocessesaccessinglotsofstaticfilesd
then maybe it will no longer be a big argument. ;o)

Take care,
TTYL

--
Mike A. Harris                                     Linux advocate     
Computer Consultant                                  GNU advocate  
Capslock Consulting                          Open Source advocate
Join the FreeMWare project - the goal to produce a FREE program in
which you can run Windows 95/98/NT, and other operating systems.
                    http://www.freemware.org
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Pedro M. Rodrigues: "Re: First draft list of 2.3.x "Things to fix""
• Previous message: David Weinehall: "Re: First draft list of 2.3.x "Things to fix""
• Next in thread: Khimenko Victor: "Re: why I run no-exec-stack patch"
• Maybe reply: Khimenko Victor: "Re: why I run no-exec-stack patch"
• Maybe reply: Khimenko Victor: "Re: why I run no-exec-stack patch"
• Maybe reply: Jesse Pollard: "Re: why I run no-exec-stack patch"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Jan 07 2000 - 21:00:03 EST