Re: stack protection
On Sat, 23 Aug 2003 07:02, Milan P. Stanic wrote:
> On Thu, Aug 21, 2003 at 09:39:53AM +0200, Xavier Roche wrote:
> > Note that some options are sometimes incompatible with some packages:
> > restrictions on kmem ('Deny writing to /dev/kmem, /dev/mem, and
> > /dev/port') prevent lm_sensors from working properly with my server. But
>
> "cat /dev/zero > /dev/mem" is a feature and not a bug, but today
> more and more people disagree.
Allowing the system administrator to write to /dev/mem as part of debugging
the kernel is a feature.
Allowing the dhcp server to write to /dev/mem because it's UID 0 and Unix
security sucks is a bug.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: