Re: Pentium DEATH in user-mode

linux kernel account (linker@nightshade.z.ml.org)
Sun, 9 Nov 1997 14:31:15 -0500 (EST)


On Sun, 9 Nov 1997, Oliver Xymoron wrote:

> On Sat, 8 Nov 1997, Richard B. Johnson wrote:
>
> > If your pentium is used as a file-server or something in which a
> > user doesn't log in, you will have no problem. Just rename the gcc
> > compiler so someone can't write code on your system.
>
> Note that this bug means ANY buffer overflow bug, even on non-setuid apps,
> is now an entry point for an attacker to crash your machine. Got users on
> your system who wrote their own CGI apps in C? Ouch. Let's make that
> non-executable stack patch part of the mainstream kernel.

Excellent point.. This is a HORRIBLE bug, but let's make positive use of
it..

I ran the no-exec stack patch for a while.. It's VERY impressive (and
before the flame war begins again: It uses magic to keep signals working,
and keep trampolines working).. It really should be a config option...
Could we have Linus' opinion on this (I assume he remembers the HUGE war over
this 6 months ago, which was mostly because no one read the guy's post
about how it actually worked and didn't break anything)...

Alan seems to think that rebooting brain-dead CPUs in SMP mode is
possible.. If such a trick would incur little overhead (I don't see how it
would be much at all for the 'normal case') then we should have it.. It
would be cool to rub that in an NT user's face.. :)