"Firewalls give administrators a false sense of security."
"Shadow passwords arent the solution, secure passwords are."
Both of these statements are true in general. And if people these as
their only lines of defense, they will most likely be broken into.
When used by an administrator armed with a security policy, subscriptions
to all relevent security mailing lists, and experience, these all become
useful tools.
Who knows how many cookie cutter stack overwrites might already exist that
haven't been released to the public yet. This patch will provide
protection for people who arent on security mailing lists, and offers them
some protection against bugs that aren't common knowledge. While we are
at it, the symlink patch is also a good idea from a security perspective.
If it is true that these patches dont break anything on the system, then
I think that they are no more dangerous than shadow passwords and
firewalls. I do not not what other factors go into the decision of
whether or not patches make it into the kernel, but I hope the 'lulls
users into a false sense of security' argument won't be one of them.
Dave
--- ---
David Goldsmith dhg@dec.net
DEC Consulting http://www.dec.net
Software Development/Internet Security http://www.dec.net/~dhg