[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Axiom-mail] Re: Compile error
|
From: |
Aleksej Saushev |
|
Subject: |
Re: [Axiom-mail] Re: Compile error |
|
Date: |
Sun, 18 May 2008 01:26:36 +0400 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) |
root <address@hidden> writes:
>>This is bad actually. It reveals some bad design in Axiom internals,
>>since Axiom is clearly user-land software, it has nothing to do
>>with system protective features. In plain words, Axiom is broken.
>>
>>This may come from GCL or other tools, but it makes no difference,
>>"use another compiler, not the broken one". Being system administrator,
>>I'm suspicious to users, that ask for reduced security, I don't turn
>>them off, if I have them already. So do others.
>>If Axiom requires it, so worse to Axiom, unfortunatly.
>
>
> Yes, I agree that under the new definition of the world (that is,
> under the restricted terms of SELinux) the lisp implementation is
> broken. Under the old definition of the world, the pointless SELinux
> "randomized load point" is broken by design, giving only the illusion
> of security.
ASLR isn't SELinux invention.
It isn't silver bullet, but it does prevent from some sort of attacks,
it does improve security, it isn't illusionary nor pointless.
> This isn't a point we can debate because there is no middle ground.
> You'll always choose "more security" and I'll always choose "getting
> work done" so I'll have no more to say on the subject.
You might be right, if there were absolutely no alternative to
Axiom around, but there are, though not without defects.
Anyway, I believe, this is behind the scope of this list,
and even if I wouldn't think the use of ASLR is useful at all,
I still think, that userland program should not require such
deep system reconfiguration.