> Because it's a deliberate tradeoff: it allows you to provide limited
> Internet access from inside the firewall without opening everything up ---
> important when "everything" includes commercial database servers of unknown
> security [...]

Explain to me how a firewall is protecting your database, to which you
have no source, from buffer overflow attacks. I missed that part.

Oh wait, you've got all your CGIs/whatever-your-fav-dyn-content-is
magically tweaked to never send the "wrong" strings to the db server,
right?

Oh! Oh! I know! You're running the db on Solaris with stack exec turned
off!

:)

> You're accepting a security risk (while trying to minimize it) in return for
> increased functionality. The no-stack-exec patch doesn't do this.

How is the firewall increasing your functionality? As far as I can see it
restricts your functionality. So does no-stack-exec. So do passwords.
So does using a bounds checking language. So does taintperl. They all
solve specific problems; no single one of them is a complete security
solution.

OK, I'm getting tired of arguing, could someone invoke the Nazi rule?

Dean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html