Re: Grsec/PaX and Exec-shield

To: debian-devel@lists.debian.org
Cc: Peter Busser <peter@adamantix.org>
Subject: Re: Grsec/PaX and Exec-shield
From: Russell Coker <russell@coker.com.au>
Date: Wed, 5 Nov 2003 02:27:09 +1100
Message-id: <[🔎] 200311050227.10262.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20031104085326.GA15270@adamantix.org>
References: <[🔎] 20031104085326.GA15270@adamantix.org>

On Tue, 4 Nov 2003 19:53, Peter Busser wrote:
> > I volunteered to make a package for exec-shield because it meets the
> > Debian criteria, I have time to do it, and it interests me.  PaX would
> > take much more time so I can't do it.
>
> You cannot do it or you don't want to do it? In fact, anyone can do it
> Russell, I'm pretty sure even you can do it:

Actually I have not tried patching in PaX on it's own.  I tried GRSec and 
found that the conflicts were greater than I could fix in any reasonable 
amount of time.  During the previous discussions on grsec I had got the 
impression that PaX was the hard part of such a code merge, maybe that 
impression was incorrect.

Also note that I use LSM on all my kernels, so anything that conflicts with 
LSM is something that I have no ability to test and therefore no interest in 
maintaining.  I'm sure I could get PaX working with LSM, but it would take 
some work.  Anyway I'll look into this matter after I upload an exec-shield 
package.

> I'm not in fact trying enlist volunteers. I try to offend as many Debian
> people as possible, so that they choose exec-shield. This to ensure that
> Adamantix will has an edge in security over Debian in the future. And it
> seems to be working very well so far.

This seems to conflict with your web site.

From http://www.adamantix.org/motivation.html:
# That is why I started this project, to create a secure Linux platform and
# make it available to everyone. Yes I know OpenBSD exists and I think they do
# a great job. However, free software is all about freedom of choice and it is
# be good to be able to choose between different highly secure systems. In a
# sense my aim is also to create a reference platform, so users can ask Linux
# distribution vendors: ``Why don't you provide this?'' In the future I would
# very much like to see that this project serves no purpose anymore, because
# some or all of its ideas ended up in other (more mainstream) distributions. 

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- Re: Grsec/PaX and Exec-shield
  - From: Peter Busser <peter@adamantix.org>

Prev by Date: Re: Grsec/PaX and Exec-shield
Next by Date: Bug#219139: ITP: cdcat -- a graphical (QT based) catalog program
Previous by thread: Re: Grsec/PaX and Exec-shield
Next by thread: Re: Grsec/PaX and Exec-shield
Index(es):
- Date
- Thread