Re: [PATCH] [SECURITY] suid procs exec'd with bad 0,1,2 fds

Andrea Arcangeli (linker@z.ml.org)
Sat, 8 Aug 1998 11:31:28 -0400 (EDT)


On Fri, 7 Aug 1998, Linus Torvalds wrote:

> On Fri, 7 Aug 1998, Tracy R Reed wrote:
> >
> > Fixing broken applications after my system has been rooted is little
> > consolation.
>
> That's with the broken assumption that you couldn't root the system
> without the no-stack-exec patch.
>
> Yes, it may be harder, and yes, it may take longer, but you're assuming
> that the kernel patch is somehow a fix for the bug, and it isn't. It's at
> best a bandaid.
[snip]
>
> The ONLY reason I see for the kernel hack is to allow people to ignore
> certain known security holes in user space. And that's a really bad reason
> in my book.
>
> So I don't mind people maintaining the thing as a separate patch - that's
> what having sources available is all about: freedom. However, I also
> personally think that it is a bad thing to have in the kernel, and I won't
> accept it in the tree _I_ maintain until somebody can come up with better
> arguments than I've heard so far.

You managed to completely ignore the main point of *MY* previous point
(because I started off saying not all apps are well maintained). My main
point was that there is *ALWAYS* a period of time between the release of
the fix and when you install it (not to mention the lapse between exploit and
fix). If you are in a very hostile environment (ISP shell server; system
that publicly gives out shells) then that time is the difference between
being rooted and not.

Perhaps the better solution to that is for the dists to have an extensive
set of errata mirrors, and to have a daemon which checks for them
constantly, then downloads them, checks pgp keys, applies 'critical
security related fixes' automatically, and sends mail to root telling him
about it.

This would not solve the problem of a fix not existing before an exploit.
But I'm not as concerned about that, because increasingly the problems are
being fixed *before* an exploit exists. There is no solution but to speed
up fixes and I think Linux fixes are plenty fast.

There are two things that would help when there is not yet a fix. Have
the dists watch the security lists and create notifications to the above
daemon that make it send root mail: "Your system has a critical security
hole. There is currently not a fix, however, you can protect yourself by
disabling Z. To disable Z type..."

The other thing that can help, and is a general bandaid on the whole
situation: Noexec stack. I don't think that the stack patch will
slow/prevent real fixes because a) most people will always know that it's
not a good solution and b) most computers won't use it (even if it's in the
mainstream kernel).

So who's gonna come out with the magic security daemon first?

> Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html