>Do you really think it would be elegant and orthogonal etc. to suddenly
>have some programs fail mysteriously only when run as root, just because
>they happened to be written in Objective C / Pascal / whatever? IMHO, if
>this feature is that desperately needed, a cleaner solution would be to
>ban these programming languages from Linux altogther. And the crowd
>cheers... NOT!
I have not advocated making this (or any type of non-executable stack solution) a mandatory feature of the kernel. If you are running a serious server system and have specifically compiled a kernel for server use then you're unlikely to run a window manager as root anyway (I've never even run X on a server, I use workstations for X). Someone who is running a home system will not be serious about those things (for a while I ran a Linux box using the root account for almost everything - I do the same thing in OS/2, DOS, and NT where every account is as good as root) and will not have this level of protection compiled into the kernel anyway. Someone who is running a serious server system will run very few programs as root anyway.
They wouldn't fail mysteriously anyway. We could have a nice message in /var/log/messages and on the console...
>I realize the proposed solution could contain a workaround for these
>programs, I'm just protesting against the "wouldn't be a problem" bit...
I understand what you're saying. But I think that the best thing to do is to provide a choice. If you want serious security then you'll have to put up with some hassles along the way.
Russell Coker