Re: two things

C. Scott Ananian (cananian@lcs.mit.edu)
Thu, 18 Dec 1997 11:11:36 -0500 (EST)


On 18 Dec 1997, Benny Amorsen wrote:

> >>>>> "CSA" == C Scott Ananian <cananian@lcs.mit.edu> writes:
>
> CSA> My understanding is that the current nonexec-stack patch works so
> CSA> well because it cleverly disables itself when it detects code
> CSA> that will break. Although this does make it compatible, it
> CSA> doesn't make it secure. Solutions to these problems have been
> CSA> rumoured for Linux 2.3.X.
>
> We should not fix the problem in the case where it _can_ be solved,
> just because there are cases where it cannot?

If it is trivial to disable the patch, it doesn't make anything
really more secure now, does it? And it lulls one into a false sense of
security.

Besides: no one is saying you can't patch your own kernels. But the
official Linux kernel distribution is concerned (rightly) with doing
things the Right Way, even if it takes a bit longer to get it done.
--Scott
@ @
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-oOO-(_)-OOo-=-=-=-=-=
C. Scott Ananian: cananian@lcs.mit.edu / Declare the Truth boldly and
Laboratory for Computer Science/Crypto / without hindrance.
Massachusetts Institute of Technology /META-PARRESIAS AKOLUTOS:Acts 28:31
-.-. .-.. .. ..-. ..-. --- .-. -.. ... -.-. --- - - .- -. .- -. .. .- -.
PGP key available via finger and from http://www.pdos.lcs.mit.edu/~cananian