On Wed, 3 Jan 2001, Dan Hollis wrote:
> On Thu, 4 Jan 2001, Dan Aloni wrote:
> > Anyway, while it is agreed that you can't completely eliminate exploits,
> > it is recommended that, it should be at least harder to create them, maybe
> > it can even minimize the will to write them.
>
> The argument against these sort of protection mechanisms seems to be "well
> its not perfect, so we shouldnt have it at all".
>
> Lets use that argument against uid/gid then. Since it's impossible to
> protect against exploits, let's dispose of uid/gid entirely and run
> everything as root ;-)
>
> "stack guarding is a false sense of security". Well, so is ipchains, so
> lets discard that as well...?
>
> Really, these arguments cut both ways. If you are going to argue against
> something because it's not perfect, you should be aware that you're
> arguing against other kernel protection mechanisms also.
>
Your comparing actual security with stack guarding? Stack guarding mearly
makes the attack diffrent.. rootkits are already available to defeat it.
Gerhard
-- Gerhard Mack<>< As a computer I find your faith in technology amusing.
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jan 07 2001 - 21:00:16 EST