Subject: Re: Non executable mappings and compatibility options bugs
To: None <email@example.com, firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 06/22/2004 07:11:37

On Tue, Jun 22, 2004 at 03:58:57PM +1000, matthew green wrote:
> actually, i'd call the fact that we can no longer run other binaries
> a regression, not the fact that we can only run our own secure ones.
> i'm all for security features, but they can't break other things in
> the process. why is it a regression to not enable a security feature
> for an emulation until it's verified _not to break it_?

Because right now, no program can execute code on the stack; but we're
about to make it so that some can. Some is larger than none; that makes
the system rather obviously less secure.

I'm not saying not to fix the emulations. I *am* saying that the user
needs to be very very obviously warned, at kernel build and run time,
that enabling the emulation options does something unobvious that has a
negative effect on system security: it lets you run binaries that can
potentially be made to run code on their stacks. Since we trumpet our
new feature of a non-executable stack, if we _don't_ warn users when it's
not true, they'll just expect that things are as simple as they seem...

Thor Lancelot Simon firstname.lastname@example.org
But as he knew no bad language, he had called him all the names of common
objects that he could think of, and had screamed: "You lamp! You towel! You
plate!" and so on. --Sigmund Freud