Re: Subject: CVS commit: src/share/mk
Matthias Scheler <tron%netbsd.org@localhost> wrote:
> > The point that it can find some bugs is reasonable, but then why not enable
> > it for, let's say, the DIAGNOSTIC option?
> Because it is also a security feature. I can e.g. turn a remote root
> exploit into a DoS which will at least keep your data safe.
Well, I do not really care about this type of philosophical security in the
kernel, but by estimating the effect, I would say there is more cost than
benefit - modern x86 machines have a PG_NX bit, which deals with this matter
in a much better way. And if somebody can smash the kernel stack, then your
system is doomed anyway..