Re: [OT] Re: [tlug] Sorry to Hijack a thread but whats wrong with LILO
- Date: Thu, 27 Feb 2003 00:12:24 +0900
- From: Matt Doughty <wyndigo@example.com>
- Subject: Re: [OT] Re: [tlug] Sorry to Hijack a thread but whats wrong with LILO
- References: <20030225044543.GA8866@example.com> <E18ncST-000193-00@example.com> <20030225111641.GE4192@example.com> <20030225140054.GC8351@example.com> <20030225231349.463804af.mike@example.com> <20030225141905.GD8351@example.com> <20030225142714.GQ1495@example.com> <20030226143712.GJ8351@example.com>
- User-agent: Mutt/1.4i
On Wed, Feb 26, 2003 at 09:37:12AM -0500, Josh Glover wrote:
> Quoth Martin Baehr (Tue 2003-02-25 03:27:14PM +0100):
> >
> > if there is a security problem, it's always userland.
>
> I disagree. Case in point: newer kernels in the 2.4.x series (at least, the
> ones packaged by Gentoo and Red Hat--I cannot comment on the vanilla tree)
> allow you to add zlib support *to the kernel*! Needless to say (so why am I
> saying it?), I avoid such stupidity. I also avoid things like Tux. If you
> run a webserver in kernel mode, expect buffer overflows, chunking exploits,
> etc to bite you in the arse, and hard.

Being completely fair you are both right. Almost all the exploitable bugs are in userland. The problem is Linux has developed a very bad habit of allowing people to compile bits of userland into the kernel.

>
> Anyway, getting back to zlib, anyone who reads BugTraq knows that zlib has
> had a bad six months or so. If you have that code in your kernel, voila:
> you have a kernel vuln.

True, if you are idiotic enough to enable this sort of support into your kernel you are begging for trouble.

>
> In a perfect world, Martin, you *should* be right. In BSD, for example,
> kernel bugs are less frequent, due to the BSD developers being able to resist
> the stupid urge to drop the kitchen sink in the bloody kernel.
>
> In the Linux world, you are flat wrong.
>

Do you agree with this statement? If you have sanely configured your kernel, and don't compile the kitchen sink into your kernel, then generally you aren't in significant danger of a kernel security hole. I certainly feel safe betting on my kernels vs. my userland, and that is because I have had to replace userland any number of times for security problems with nary a single case where my kernel was the problem. I do agree that the linux kernel crew are really overly willing to let you shoot yourself in the foot without really explaining why userland should be cleanly separated from the kernel. It's even a bigger problem since most of the distributions are busy trying to make linux accessible to the common man. I see an explosive convergence of the two in the future.

--Matt