On Tue, 12 Apr 2005 12:06:59 +0545, Bipin Gautam said:
BUT i was woundering, to what extent adding these extra security measures are effective against the real attacks & bugs discovered in the kernel.
They do almost nothing to guard against bugs discovered *in the kernel*, because all of them are addressing *userspace* bugs.
DING DING!
Once again, Valdis hits the point(s) dead on. I am still surprised at the number of times I get this question when the topic comes up. It seems fairly straight forward & is usually mentioned in a project's documentation (PaX, etc..) or forums.
-- dk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
