Matthias Scheler <t...@netbsd.org> wrote: > > Point that it can find some bugs is reasonable, but then why not enable > > it for, let's say, DIAGNOSTIC option? > > Because it is also a security feature. I can e.g. turn a remote root > exploit into a DoS which will at least keep your data safe. >
Well, I do not really care about this type of philosophical security in the kernel, but by estimating the effect, I would say there is more cost than benefit - modern x86 machines have a PG_NX bit, which deals with this matter in a much better way. And if somebody can smash the kernel stack, then your system is doomed anyway.. -- Mindaugas
