But from your arguing against it, you appear to oppose the patch
because it isn't 100%. Not because it may not be very useful, but
simply because it isn't perfect and you only want perfect patches.
> > This is an imperfect world, and rejecting something because it isn't
> > perfect doesn't help. It won't *force* applications to be more
> > careful, which is what some may hope for.
>
> That is irrelevant, because it needs only a slight adaption by the
> exploit writers.
It is of course relevant. The patch provides some level of increase in
security, there's no arguing with that. You seem to take the position that
because the fix can be worked around, it is better to leave Linux at a
lower level of security so that application writers will fix their
code. Rejecting the patch will not have that effect.
Application writers can say that the problem doesn't exist on xyz-OS,
which does have the anti-exec fix. This tarnishes Linux.
> > "The point of locks on your house is not to stop burglars, but to make
> > it harder for them so that they try the next house down the street".
>
> "Using antibiotics carelessly harms more in the long run, because the
> bacteria become immune, so it won't work when you really need it"
> (OK, not 100% accurate)
Bacteria can become immune to classes of antibiotics when a particular
antibiotic of that class is over-used. Using the anti-stack-exec patch
will not make it any harder to fix applications to avoid
buffer-overflow exploits. You may lose when using antibiotics. You
don't lose when using anti-stack-exec.
Regards,
Richard....