Re: [Full-disclosure] linux bugs (survival stories)?

[dk <dk@xxxxxxxxxxxxxxxx>]

Valdis.Kletnieks@xxxxxx wrote:
> On Tue, 12 Apr 2005 12:06:59 +0545, Bipin Gautam said:
>
> > BUT i was woundering, to what extent adding these extra security
> > measures are effective against the real attacks & bugs discovered in
> > the kernel.
>
>
> They do almost nothing to guard against bugs discovered *in the kernel*,
> because all of them are addressing *userspace* bugs.

DING DING!
Once again, Valdis hits the point(s) dead on. I am still surprised at 
the number of times I get this question when the topic comes up. It 
seems fairly straight forward & is usually mentioned in a project's 
documentation (PaX, etc..) or forums.

--
dk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/