Re: Patch 4/6 randomize the stack pointer

• Previous message: Bill Davidsen: "Re: [PATCH 2/3] buffer writes to sysfs"
• In reply to: Linus Torvalds: "Re: Patch 4/6 randomize the stack pointer"
• Next in thread: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
• Reply: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date:	Thu, 27 Jan 2005 10:28:18 -0800 (PST)
To: John Richard Moser <nigelenki@comcast.net>

On Thu, 27 Jan 2005, Linus Torvalds wrote:
>
> Real engineering is about doing a good job balancing different issues.

Btw, this is true of real security too.

Being too strict "because it's the secure way" just means that people will
disable you altogether, or start doing things that they know is wrong,
because the right way of doing this may be secure, but they are also very
inconvenient.

Thus a security person who doesn't take other aspects into account is
actually HURTING security by insisting on things that may not be practical
for a general vendor.

I've seen companies that had very strict firewalls in place, and didn't
allow people to upload any internal data except by going through approved
sites and having the data approved fist too. Secure? No. I was told people
just connected modems to their local machines in their offices instead:
the security measures didn't work for them, so they had to effectively
disable them entirely. Everybody knew what was going on, but the security
people were pig-headed idiots.

It's a classic mistake of doing totally the wrong thing, and I bet the
pig-headed idiots felt very good about themselves: they had the perfect
excuse for doing something stupid. Namely "we only implement the _best_
security we can do, and we refuse to do anything inferior". It's also a
classic example of perfect being the enemy of good.

So John - next time you flame somebody, ask yourself whether maybe they
had other issues. Maybe a vendor might care about not breaking existing
programs, for example? Maybe a vendor knows that their users don't just
use the programs _they_ provide (and test), but also use their own
programs or programs that they got from the outside, and the vendor cannot
test. Maybe such a vendor understands that you have to ease into things,
and you can't just say "this is how it has to be done from now on".

                        Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Bill Davidsen: "Re: [PATCH 2/3] buffer writes to sysfs"
• In reply to: Linus Torvalds: "Re: Patch 4/6 randomize the stack pointer"
• Next in thread: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
• Reply: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]