Waiting for perfect application code == stupid plan
Posted Jun 4, 2010 5:27 UTC (Fri) by dwheeler
In reply to: Waiting for perfect application code == stupid plan
Parent article: Symbolic links in "sticky" directories
I suggest taking a look at
"Security Enhancements in Red Hat Enterprise Linux" by Ulrich Drepper.
He describes a set of changes to ELF layouts and various restrictions
that end up greatly reducing the vulnerabilities of systems even when programs have bugs (as they always do).
"Disruptions are still possible, but the severity of the attacks is significantly reduce[d]".