Waiting for perfect application code == stupid plan
Posted Jun 4, 2010 5:27 UTC (Fri) by dwheeler (guest, #1216)
In reply to: Waiting for perfect application code == stupid plan by wahern
Parent article: Symbolic links in "sticky" directories
I suggest taking a look at "Security Enhancements in Red Hat Enterprise Linux" by Ulrich Drepper. He describes a set of changes to ELF layouts and various restrictions that end up greatly reducing the vulnerabilities of systems even when programs have bugs (as they always do). "Disruptions are still possible, but the severity of the attacks is significantly reduce[d]".
