law@sgi.com writes:
[snip]
> it is called "auditing". If you want a security increase, then wait
> until the Labeled Security Protection Profile (LSPP) is applied to
> a Linux target. That would provide serious ammo to defending a system.
> Adding MAC and least privilege, file-based capabilities, and
> non executable stack and you have something a bit more tedious to break
  ^^^^^^^^^^^^^^^^^^^^
As was already pointed out on this list, this kind of defense does not
protect against stack overflow; it'll just be a little harder for
the attacker to execute the offending code (he will need to add
the execve code to his eggshell).
Also, this "feature" forbids some programs from running;
programs using nested functions, like Lisp / Ada programs, are some examples.
--
Yoann
http://prelude.sourceforge.net
It is well known that M$ products don't make a free() after a malloc(),
the Unix community wishes them good luck for their future development.
This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:12 EST
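
The nested-function case mentioned in the reply above, as an added example that is not part of the original message. It assumes GCC's nested-function extension to C on Linux (the post itself names Lisp and Ada): taking the address of a nested function makes the compiler build a trampoline on the stack, which is why such programs need an executable stack. The names `for_each`, `sum_above` and `stack_is_executable` are illustrative.

```c
/* Build with gcc on Linux: nested functions are a GNU C extension. */
#include <stdio.h>
#include <string.h>

/* Ordinary callback API: a plain function pointer, no context argument. */
static void for_each(const int *v, size_t n, void (*fn)(int)) {
    for (size_t i = 0; i < n; i++)
        fn(v[i]);
}

/* Sums the elements greater than `threshold`. The nested function reads and
 * writes locals of its parent, so its address must carry the parent's frame. */
int sum_above(const int *v, size_t n, int threshold) {
    int total = 0;
    void add_if_above(int x) {
        if (x > threshold)
            total += x;
    }
    /* Taking the address makes GCC emit a trampoline: a few instructions
     * written into sum_above's stack frame and then called through `fn`. */
    for_each(v, n, add_if_above);
    return total;
}

/* Returns 1 if this process's [stack] mapping is executable, 0 if not,
 * -1 if /proc/self/maps cannot be read (Linux-specific check). */
int stack_is_executable(void) {
    char line[512];
    int result = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        char perms[5] = "";
        if (strstr(line, "[stack]") && sscanf(line, "%*s %4s", perms) == 1) {
            result = (perms[2] == 'x');   /* perms look like "rw-p" or "rwxp" */
            break;
        }
    }
    fclose(f);
    return result;
}

int main(void) {
    const int sample[] = {3, 9, 1, 12, 7};   /* constructed sample data */
    printf("sum_above = %d\n", sum_above(sample, 5, 5));
    printf("stack executable: %d\n", stack_is_executable());
    return 0;
}
```

Comparing the `stack_is_executable()` result for this program with that of a build containing no nested functions shows which binaries depend on an executable stack.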