Because it's a deliberate tradeoff: it allows you to provide limited
Internet access from inside the firewall without opening everything up ---
important when "everything" includes commercial database servers of unknown
security, network printers (PostScript is a Turing-equivalent programming
language; it's not unthinkable that someone could craft an exploit that uses
a PostScript printer as an intermediary), and client boxes that might be
secure when you set them up but are afterwards left to the mercy of users
who love to install the latest un-audited code (including various products
from a certain very large software company...).
You're accepting a security risk (while trying to minimize it) in return for
increased functionality. The no-stack-exec patch doesn't do this.
(That doesn't mean I disapprove of the no-stack-exec patch, by the way; I
personally think user programs that want to execute code off the stack are
broken by design --- and I seem to recall that the signal trampoline code
was added to Linux only when we couldn't get away from it any more, so I
can't be the only one that finds the idea ugly.)
--
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university
(bsa@kf8nh is still valid.)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html