Subject: Re: Non executable mappings and compatibility options bugs
To: None <tech-kern@netbsd.org, tech-security@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 06/22/2004 07:11:37
On Tue, Jun 22, 2004 at 03:58:57PM +1000, matthew green wrote:
>
> actually, i'd call the fact that we can no longer run other binaries
> a regression, not the fact that we can only run our own secure ones.
>
> i'm all for security features, but they can't break other things in
> the process. why is it a regression to not enable a security feature
> for an emulation until it's verified _not to break it_?
Because right now, no program can execute code on the stack; but we're
about to make it so that some can. Some is larger than none; that makes
the system rather obviously less secure.
I'm not saying not to fix the emulations. I *am* saying that the user
needs to be very very obviously warned, at kernel build and run time,
that enabling the emulation options does something unobvious that has a
negative effect on system security: it lets you run binaries that can
potentially be made to run code on their stacks. Since we trumpet our
new feature of a non-executable stack, if we _don't_ warn users when it's
not true, they'll just expect that things are as simple as they seem...
--
Thor Lancelot Simon tls@rek.tjls.com
But as he knew no bad language, he had called him all the names of common
objects that he could think of, and had screamed: "You lamp! You towel! You
plate!" and so on. --Sigmund Freud