Re: [RFC] prevention of syscalls from writable segments, breakingbug exploits

[Dan Hollis]

On Thu, 4 Jan 2001, Dan Aloni wrote:
> Anyway, while it is agreed that you can't completely eliminate exploits,
> it is recommended that, it should be at least harder to create them, maybe
> it can even minimize the will to write them.

The argument against these sort of protection mechanisms seems to be "well
its not perfect, so we shouldnt have it at all".

Lets use that argument against uid/gid then. Since it's impossible to
protect against exploits, let's dispose of uid/gid entirely and run
everything as root ;-)

"stack guarding is a false sense of security". Well, so is ipchains, so
lets discard that as well...?

Really, these arguments cut both ways. If you are going to argue against
something because it's not perfect, you should be aware that you're
arguing against other kernel protection mechanisms also.

-Dan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/