Re: Grsec/PaX and Exec-shield
On Tue, 4 Nov 2003 19:53, Peter Busser wrote:
> > I volunteered to make a package for exec-shield because it meets the
> > Debian criteria, I have time to do it, and it interests me. PaX would
> > take much more time so I can't do it.
>
> You cannot do it or you don't want to do it? In fact, anyone can do it
> Russell, I'm pretty sure even you can do it:
Actually I have not tried patching in PaX on it's own. I tried GRSec and
found that the conflicts were greater than I could fix in any reasonable
amount of time. During the previous discussions on grsec I had got the
impression that PaX was the hard part of such a code merge, maybe that
impression was incorrect.
Also note that I use LSM on all my kernels, so anything that conflicts with
LSM is something that I have no ability to test and therefore no interest in
maintaining. I'm sure I could get PaX working with LSM, but it would take
some work. Anyway I'll look into this matter after I upload an exec-shield
package.
> I'm not in fact trying enlist volunteers. I try to offend as many Debian
> people as possible, so that they choose exec-shield. This to ensure that
> Adamantix will has an edge in security over Debian in the future. And it
> seems to be working very well so far.
This seems to conflict with your web site.
From http://www.adamantix.org/motivation.html:
# That is why I started this project, to create a secure Linux platform and
# make it available to everyone. Yes I know OpenBSD exists and I think they do
# a great job. However, free software is all about freedom of choice and it is
# be good to be able to choose between different highly secure systems. In a
# sense my aim is also to create a reference platform, so users can ask Linux
# distribution vendors: ``Why don't you provide this?'' In the future I would
# very much like to see that this project serves no purpose anymore, because
# some or all of its ideas ended up in other (more mainstream) distributions.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: