Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

To: debian-security@lists.debian.org
Subject: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
From: Dariush Pietrzak <eyck@forumakad.pl>
Date: Wed, 2 Apr 2003 09:46:52 +0200
Message-id: <[🔎] 20030402074651.GB19978@forumakad.pl>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20030402061354.GD16645@keitarou.bubblesworth.net>
References: <3E883C67.3020807@simicro-internet.mg> <20030331134931.GA7092@mood.ritram.it> <[🔎] 3E89761A.60609@simicro-internet.mg> <[🔎] 20030401133615.GA17185@mood.ritram.it> <[🔎] 20030401133017.GA28537@vnl.com> <[🔎] 20030401165306.GA2958@melina.ds14.agh.edu.pl> <[🔎] 20030401174928.GA16302@moskovskaya> <[🔎] 20030401194338.GA19978@forumakad.pl> <[🔎] 20030402061354.GD16645@keitarou.bubblesworth.net>

> of proportion... Some things in security _have_ to be obscure. Your
> password, for example. Or the primes used to generate your PGP private
 There's a difference between 'obscure' and 'secret'.
All you gain by removing kernel-loading capability from your kernel is to
force cracker to search memory to find entry points.
 That's like hiding key to your door under your doormat.

> Security-by-obscurity refers to securing things by relying on the
> obscurity of the _processes and functionality_ behind the security system,
 that fits this description. 
-- 
Dariush Pietrzak,
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9

Reply to:

Follow-Ups:
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Tim Nicholas <tim@nicholas.net.nz>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Paul Hampson <Paul.Hampson@anu.edu.au>

References:
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: DouRiX <dourix-tech@simicro-internet.mg>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Maurizio Lemmo - Tannoiser <mizio@tenzione.it>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Dale Amon <amon@vnl.com>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Marcin Owsiany <porridge@debian.org>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: David Barroso <tomac@somoslopeor.com>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Dariush Pietrzak <eyck@forumakad.pl>
- Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
  - From: Paul Hampson <Paul.Hampson@anu.edu.au>

Prev by Date: Re: H323 Gateways
Next by Date: Re: H323 Gateways
Previous by thread: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
Next by thread: Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
Index(es):
- Date
- Thread