Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Marty Leisner (linker@z.ml.org)
Tue, 4 Aug 1998 23:27:53 -0400 (EDT)


On Tue, 4 Aug 1998, Linus Torvalds wrote:

>
>
> On Tue, 4 Aug 1998, Perry Harrington wrote:
> >
> > We're on a dev kernel right now, correct? (yes) Why do we have a dev kernel?
> > (to add new features and "fix" things) Is it appropriate to try the stack
> > patch in a dev kernel, or wait another year for 2.3? (stick it in with it as
> > default, wait for the screams -- if they come, fix or non-default)
>
> You can wait forever, or just try it on your system.
>
> Or sombody had better tell me why they shouldn't fix their broken
> applications.
>
> Linus

Because not all apps are maintained. It's sometimes hard to track these
things down. Look at the results of the Linux security auditing team; they
are doing great stuff, but there are only so many hours in a day. I expect
that even with good luck it will be a year or two before 95% of the
current overflows are fixed.

Here is a problem to consider:

Think of an ISP shell computer. It's being constantly attacked. Assume
stupid hackers who don't find anything original but do know enough to read
Bugtraq and modify an existing exploit. You've got 2500 users
and a new exploit arrives on Bugtraq at 6PM. Calculate the probability
that by 9am the next day (you come in at 8 and read the list at 8:30 and apply
the fix at 9) one of your hackers hasn't managed to use the exploit, get
root, replace system binaries, and load an invisible kernel module that
covers their traces. You will feel safe that you applied the fix. Meanwhile
he's sniffing your network and has rigged your copy of ssh to mail
him your password.

Your entire network is screwed.

Sure, things like boot from CD, read-only drives, ethernet switches,
remote syslog, etc. would help tons! But let's face reality: most sysadmins
either don't know how, don't know they can, or are too lazy to do things
this way (or can't afford the extra hardware this requires).

A noexec stack patch would only need to delay the hackers a few hours to
save your site. It doesn't help a whole lot, but it doesn't require much.
All it takes is a sysadmin smart enough to see the option "Pick me if this
computer will be under heavy attack and you don't care if it might break a
few apps". If you don't need any of those apps you just got a little extra
protection for free. You still need the patches, but you don't get
compromised when the hackers are a bit faster than you.

It needs to be with the main kernel because people who know enough to get
a patch could handle doing the other measures (switched ethernet,
firewalling, RO systems, proper ssh usage, etc.). This is no substitute for
real security.
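The open question in this thread is which applications actually need an executable stack and would break under an enforced non-executable stack. Modern toolchains record that requirement in an ELF program header (PT_GNU_STACK, with PF_X set when the binary asks for an executable stack), which gives a defender a way to audit a system before flipping such a setting. The following is an added example, not code from this thread, from the 1998 patch, or from the kernel; it parses the ELF header and program headers directly, and the `build_elf64` helper constructs a minimal, non-loadable ELF image purely as sample input (the assumption being that real binaries on the audited host carry the same header layout).

```python
"""Audit ELF binaries for an executable-stack requirement via PT_GNU_STACK.

Added example (not part of the LKML thread).  PT_GNU_STACK is the header
GNU ld emits; a missing header means the kernel falls back to its
per-architecture default, which historically was an executable stack.
"""
import os
import struct
import sys
from typing import Optional

PT_GNU_STACK = 0x6474E551   # program header type for the stack permission hint
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def stack_is_executable(elf: bytes) -> Optional[bool]:
    """True/False from the PT_GNU_STACK flags, or None if the header is absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = elf[4], elf[5]
    end = "<" if ei_data == 1 else ">"           # 1 = little-endian, 2 = big-endian
    if ei_class == 2:                            # ELF64: e_phoff @0x20, e_phentsize/e_phnum @0x36
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    elif ei_class == 1:                          # ELF32: e_phoff @0x1C, e_phentsize/e_phnum @0x2A
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    else:
        raise ValueError("unknown ELF class")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if ei_class == 2:                        # Elf64_Phdr: p_type, p_flags are the first two words
            p_type, p_flags = struct.unpack_from(end + "II", elf, off)
        else:                                    # Elf32_Phdr: p_flags sits at offset 24
            (p_type,) = struct.unpack_from(end + "I", elf, off)
            (p_flags,) = struct.unpack_from(end + "I", elf, off + 24)
        if p_type == PT_GNU_STACK:
            return bool(p_flags & PF_X)
    return None


def build_elf64(gnu_stack_flags: Optional[int]) -> bytes:
    """Constructed sample input: a minimal little-endian ELF64 image with one
    PT_LOAD and, unless gnu_stack_flags is None, one PT_GNU_STACK header.
    It is not loadable; it only exercises the parser above."""
    phdrs = [(1, PF_R | PF_X, 0, 0x401000, 0x401000, 0, 0, 0x1000)]   # PT_LOAD
    if gnu_stack_flags is not None:
        phdrs.append((PT_GNU_STACK, gnu_stack_flags, 0, 0, 0, 0, 0, 0x10))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # class=64-bit, LSB, version 1
    ehdr = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 0x3E, 1, 0x401000,      # e_type=EXEC, e_machine=x86-64, e_version, e_entry
        64, 0, 0,                  # e_phoff (right after the 64-byte header), e_shoff, e_flags
        64, 56, len(phdrs),        # e_ehsize, e_phentsize, e_phnum
        64, 0, 0,                  # e_shentsize, e_shnum, e_shstrndx
    )
    body = b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)
    return ehdr + body


def audit_paths(paths) -> dict:
    """Walk the given files/directories; map each ELF path to True/False/None."""
    results = {}
    for root in paths:
        candidates = [root] if os.path.isfile(root) else (
            os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
        for path in candidates:
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            if data[:4] == b"\x7fELF":
                results[path] = stack_is_executable(data)
    return results


if __name__ == "__main__":
    # Usage: python audit_execstack.py /usr/bin /usr/lib
    label = {True: "EXEC-STACK", False: "noexec", None: "no PT_GNU_STACK (kernel default)"}
    for path, verdict in sorted(audit_paths(sys.argv[1:]).items()):
        if verdict is not False:
            print(f"{label[verdict]:<36} {path}")
```

Run it over the directories that hold your shell users' binaries; anything reported as EXEC-STACK or as lacking the header is a candidate for the "might break a few apps" list, and the rest can be expected to keep working with a non-executable stack enforced.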

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html