Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261263AbVAMRwd (ORCPT ); Thu, 13 Jan 2005 12:52:33 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261238AbVAMRvr (ORCPT ); Thu, 13 Jan 2005 12:51:47 -0500 Received: from fw.osdl.org ([65.172.181.6]:47046 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S261256AbVAMRtp (ORCPT ); Thu, 13 Jan 2005 12:49:45 -0500 Date: Thu, 13 Jan 2005 09:49:42 -0800 From: Chris Wright To: Linus Torvalds Cc: Alan Cox , Christoph Hellwig , Dave Jones , Andrew Morton , marcelo.tosatti@cyclades.com, Greg KH , chrisw@osdl.org, Linux Kernel Mailing List Subject: Re: thoughts on kernel security issues Message-ID: <20050113094942.R24171@build.pdx.osdl.net> References: <20050112205350.GM24518@redhat.com> <20050112182838.2aa7eec2.akpm@osdl.org> <20050113033542.GC1212@redhat.com> <20050113082320.GB18685@infradead.org> <1105632757.4624.59.camel@localhost.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from torvalds@osdl.org on Thu, Jan 13, 2005 at 09:33:38AM -0800 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1367 Lines: 30 * Linus Torvalds (torvalds@osdl.org) wrote: > On Thu, 13 Jan 2005, Alan Cox wrote: > > > > On Iau, 2005-01-13 at 16:38, Linus Torvalds wrote: > > > It wouldn't be a global flag. It's a per-process flag. For example, many > > > people _do_ need to execute binaries in their home directory. I do it all > > > the time. I know what a compiler is. > > > > noexec has never been worth anything because of scripts. Kernel won't > > load that binary, I can write a script to do it. > > Scripts can only do what the interpreter does. And it's often a lot harder > to get the interpreter to do certain things. For example, you simply > _cannot_ get any thread race conditions with most scripts out there, nor > can you generally use magic mmap patterns. I think perl has threads and some type of free form syscall ability. Heck, with a legit elf binary and gdb you can get a long ways. But I agree in two things. 1) It's all about layers, since there is no silver bullet, and 2) Containment goes a long ways to mitigate damage. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/