So what if it's not a perfect solution. It will at least give us some more
creative exploits in the future. But it's certainly an improvement, and it
certainly raises the bar. So when my syslog says:
kernel: Possible buffer overflow exploit attempt:
kernel: Process crond (pid 612, uid 0, euid 0).
I can have a good laugh that even though a user beat me to the punch on an
exploit, I don't have to wonder if I've been rooted and don't know it.
I'm not close to talking about letting a box sit around unpatched for months
like too many do. I'm talking about why not put a barricade, even if ever so
small, into the ever tightening exploit-and-patch cycle. Anyone who doesn't
think this will help security is welcome to give me a shell account on their
box, so they can worry about skilled hostile users just like I do. And no fair
switching to OpenBSD first.
I mean really. Make it a kernel option that you have to check the
"experimental" box first in order to see, if it's really that important to
not have it be readily available. Otherwise, I'm really wondering where all
those people who thought it was a good idea to have a stinking web server
in kernel space have gone to.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
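As an added illustration, not part of the post above, here is a small Python parser that turns the two-line kernel message quoted in it into structured events and flags the ones coming from root-owned processes (euid 0), which are the attempts that would have meant a root compromise without the protection. The regexes and the sample syslog lines are assumptions modelled on the two quoted lines, so adjust them to your kernel's actual wording.

```python
import re
from dataclasses import dataclass

# Assumed wording, taken from the two lines quoted in the post: a header line
# announcing the event, followed by a line naming the process.
HEADER_RE = re.compile(r"kernel: Possible buffer overflow exploit attempt:")
PROCESS_RE = re.compile(
    r"kernel: Process (?P<comm>\S+) \(pid (?P<pid>\d+), "
    r"uid (?P<uid>\d+), euid (?P<euid>\d+)\)\."
)


@dataclass
class OverflowEvent:
    comm: str
    pid: int
    uid: int
    euid: int

    @property
    def privileged(self) -> bool:
        # A blocked attempt inside a process running as root is the one to
        # chase first: with an executable stack it would have been a root shell.
        return self.euid == 0


def parse_events(lines) -> list[OverflowEvent]:
    """Pair each header line with the process line that follows it."""
    events, pending = [], False
    for line in lines:
        if HEADER_RE.search(line):
            pending = True          # remember the header, wait for the process line
            continue
        if pending:
            pending = False
            m = PROCESS_RE.search(line)
            if m:                   # an unrelated next line just drops the header
                events.append(OverflowEvent(
                    m["comm"], int(m["pid"]), int(m["uid"]), int(m["euid"])))
    return events


def summarize(log_text: str) -> dict:
    """Count events and list the process names that were running with euid 0."""
    events = parse_events(log_text.splitlines())
    return {"total": len(events),
            "privileged": [e.comm for e in events if e.privileged]}


# Constructed sample syslog excerpt (not real data), built around the quoted lines.
SAMPLE_LOG = """\
Jan 10 03:15:01 host kernel: Possible buffer overflow exploit attempt:
Jan 10 03:15:01 host kernel: Process crond (pid 612, uid 0, euid 0).
Jan 10 03:16:44 host kernel: Possible buffer overflow exploit attempt:
Jan 10 03:16:44 host kernel: Process lpr (pid 700, uid 1001, euid 4).
Jan 10 03:17:00 host sshd[813]: Accepted password for alice from 10.0.0.5
"""

if __name__ == "__main__":
    for e in parse_events(SAMPLE_LOG.splitlines()):
        tag = "ROOT" if e.privileged else "user"
        print(f"{tag} {e.comm} pid={e.pid} uid={e.uid} euid={e.euid}")
```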