Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Subject: CVS commit: src/share/mk



Matthias Scheler <tron%netbsd.org@localhost> wrote:
> > Point that it can find some bugs is reasonable, but then why not enable
> > it for, let's say, DIAGNOSTIC option?
> 
> Because it is also a security feature. I can e.g. turn a remote root
> exploit into a DoS which will at least keep your data safe.
> 

Well, I do not really care about this type of philosophical security in the
kernel, but by estimating the effect, I would say there is more cost than
benefit - modern x86 machines have a PG_NX bit, which deals with this matter
in a much better way.  And if somebody can smash the kernel stack, then your
system is doomed anyway..

-- 
Mindaugas


Home | Main Index | Thread Index | Old Index