[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: stack protection

On Sat, Aug 23, 2003 at 03:13:25PM +1000, Russell Coker wrote:
> On Sat, 23 Aug 2003 07:02, Milan P. Stanic wrote:
> > On Thu, Aug 21, 2003 at 09:39:53AM +0200, Xavier Roche wrote:
> > > Note that some options are sometimes incompatible with some packages:
> > > restrictions on kmem ('Deny writing to /dev/kmem, /dev/mem, and
> > > /dev/port') prevent lm_sensors from working properly with my server. But
> >
> > "cat /dev/zero > /dev/mem" is a feature and not a bug, but today
> > more and more people disagree.
> 
> Allowing the system administrator to write to /dev/mem as part of debugging 
> the kernel is a feature.

UID 0 must have rights to do everything. root can "format" filesystem,
by mistake or by intention.

> Allowing the dhcp server to write to /dev/mem because it's UID 0 and Unix 
> security sucks is a bug.

The problem isn't with UID 0, but with bugs in software.

I think that the problem cannot be solved in wrong place. It isn't
possible to have secure DHCP server by fixing kernel, but by writing
secure (OK, with less bugs) DHCP server.
Reply to: