On Wed, 2 Apr 2003, Paolo Falcone wrote:
> Hehehe... we discussed this at #plug last night... although it might not
> seem fair for the other players that cannot modify the kernels of their
> systems as easily as free operating systems can :-)

well, sorry for them. their OS is a proprietary black box, after all. now it's backfiring against them.

> If this would be allowed, I believe it would be taxing to reinvent everything.
> I'd propose a less intrusive means of securing the box (for sure they
> can have a kernel which implements its stack as non-executable, at the
> expense of breaking compatibility with the stock applications, and other
> issues we can conceive)...

unfortunately, the stock linux kernel has still no built-in measures to power down the all-powerful root in a usable state or protect the memory pages (stack, heap, data) against buffer overflows, to do mandatory access controls at the file, network and process levels, and to limit direct memory/disk access. that's why it helps a lot in the real world to go the extra mile in installing kernel-intrusive security patches. remember, the kernel is the "Omega Sector - The Last Line of Defense" if all else fails at userland.

the business apps that usually break with a patched kernel are X & Java Runtime Environment but there is a workaround to allow them to run anyway.

pong

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
