Subject: Re: Non executable mappings and compatibility options bugs
To: None <,>
From: Thor Lancelot Simon <>
List: tech-security
Date: 06/22/2004 07:11:37
On Tue, Jun 22, 2004 at 03:58:57PM +1000, matthew green wrote:
> actually, i'd call the fact that we can no longer run other binaries
> a regression, not the fact that we can only run our own secure ones.
> i'm all for security features, but they can't break other things in
> the process.  why is it a regression to not enable a security feature
> for an emulation until it's verified _not to break it_?

Because right now, no program can execute code on the stack; but we're
about to make it so that some can.  Some is larger than none; that makes
the system rather obviously less secure.

I'm not saying not to fix the emulations.  I *am* saying that the user
needs to be very very obviously warned, at kernel build and run time,
that enabling the emulation options does something unobvious that has a
negative effect on system security: it lets you run binaries that can
potentially be made to run code on their stacks.  Since we trumpet our
new feature of a non-executable stack, if we _don't_ warn users when it's
not true, they'll just expect that things are as simple as they seem...

 Thor Lancelot Simon
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud
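The thread's point is that a user cannot tell by assumption whether a given binary will end up with an executable stack. The following is an added example, not code from the mail or from NetBSD: it audits an ELF64 image for the Linux/GNU `PT_GNU_STACK` convention (an assumption here, since NetBSD's emulation path decides this differently) and treats a missing header as "unspecified", the case where many loaders fall back to an executable stack. The image builder is a constructed test fixture, not a loadable program.

```c
/* Added example: report what an ELF64 image says about its stack.
 * Assumes the GNU PT_GNU_STACK convention (Linux toolchains), not NetBSD's
 * emulation logic; a missing header is reported as STACK_UNSPECIFIED. */
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum stack_policy { STACK_BAD = -1, STACK_NX = 0, STACK_EXEC = 1, STACK_UNSPECIFIED = 2 };

/* Walk the program headers of an in-memory ELF64 image with bounds checks.
 * Returns STACK_EXEC if PT_GNU_STACK carries PF_X, STACK_NX if it does not,
 * STACK_UNSPECIFIED if no such header exists, STACK_BAD on a malformed image. */
int elf64_stack_policy(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return STACK_BAD;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return STACK_BAD;
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return STACK_BAD;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Off off = eh.e_phoff + (Elf64_Off)i * sizeof(Elf64_Phdr);
        if (off + sizeof(Elf64_Phdr) > len) return STACK_BAD;
        Elf64_Phdr ph;
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            return (ph.p_flags & PF_X) ? STACK_EXEC : STACK_NX;
    }
    return STACK_UNSPECIFIED;
}

/* Constructed fixture: a minimal, non-loadable ELF64 image with at most one
 * program header (PT_GNU_STACK with the given flags). Returns bytes written. */
size_t build_test_image(unsigned char *buf, size_t cap, int with_stack_hdr, uint32_t flags)
{
    Elf64_Ehdr eh; Elf64_Phdr ph;
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = with_stack_hdr ? 1 : 0;
    ph.p_type = PT_GNU_STACK;
    ph.p_flags = flags;
    size_t need = sizeof eh + (with_stack_hdr ? sizeof ph : 0);
    if (cap < need) return 0;
    memcpy(buf, &eh, sizeof eh);
    if (with_stack_hdr) memcpy(buf + sizeof eh, &ph, sizeof ph);
    return need;
}
```

To audit a real file, read it into a buffer and pass it to `elf64_stack_policy`; anything other than `STACK_NX` deserves the kind of loud warning the mail argues for.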