Oh it is
> exec patch just makes the stack smashing attacks harder (you need to make use
> of code present somewhere else, but it's still doable), not impossible.
99% of attackers are too stupid to write attack programs, 99% of attack programs
aren't written to cope with the stack protection patch
The end result is that many exposed ISP machines run with those patches, most
linux firewall product vendors I know use those patches
Also some of those patches are real security - you can't really do TPE without
kernel support, and TPE makes life quite annoying for an attacker
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html