Re: wish list

[Dustin Marquess <jailbird@alcatraz.fdf.net>]

At 06:38 AM 6/7/99 , you wrote:
>hi at all!,
>  Some interesting feature that i think are important:
>
>
>- Compile distro with stackguard

         I'm kind of iffy about this one.  I'm part of the Utopian Linux 
Distribution, which was designed to be secure and fast out of the box (of 
course this "design" was about 2 years ago and it hasn't shipped yet...).

         StackGuard seems to provide a cover-up, at the cost of 
speed.  This speed is unnoticable in small programs, but when you get into 
large MySQL databases and such, it probably will be.

         I am also a firm believer that the actually code should be 
fixed.  Fix the code and send a patch to the maintainer.  This way 
everybody reaps the benefits of having a secure program, and we don't have 
to deal with StackGuard.

         Now of course this doesn't help if a new bug is found.  I have 
been toying with the idea of using StackGuard on anything that is going to 
be suid root, just as an added layer of paranoia.

         I've also been working on a bash script to detect stupid coding 
mistakes such as insecure strcpy()'s and such, and allow the user to let 
the script automatically fix them.  Of course the script doesn't have 
enough intelligence to correctly fix things all the time.  If anybody has 
any ideas on how to make this better, I'd appeciate feedback.

                                                                             
                      -Dustin

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/