1) Not all architectures support this
2) It breaks trampoline code
3) It doesn't provide full protection
4) It does raise the bar significantly, in that it stops script kiddies
5) Most modern daemons are smart enough to switch to unprivileged UIDs when
parsing user input, and use strnxxx library functions.
I would say that all considered, it is not worthwhile unless you need to run
a bunch of old setuid programs. In that case, you are taking a big risk even
with the patch.
-- Zachary Amsden zamsden@engr.sgi.com (650) 933-6919 09U-510 Core Protocols
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/