Re: Grsec/PaX and Exec-shield

To: spender@grsecurity.net
Cc: debian-devel@lists.debian.org
Subject: Re: Grsec/PaX and Exec-shield
From: Ingo Molnar <mingo@elte.hu>
Date: Tue, 4 Nov 2003 21:23:58 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.56.0311042117020.2109@earth>
Reply-to: Ingo Molnar <mingo@elte.hu>
In-reply-to: <[🔎] 20031104184748.GA10272@grsecurity.net>
References: <[🔎] 20031104155623.GA30743@grsecurity.net> <[🔎] Pine.LNX.4.56.0311041811370.23494@earth> <[🔎] 20031104184748.GA10272@grsecurity.net>

On Tue, 4 Nov 2003 spender@grsecurity.net wrote:

> [...] Exec-shield "can" stop, but "will" stop is a completely different
> matter. I'll let the bugfixed paxtest tell this story, however.

i am 100% sure that by taking the range-property of exec-shield into
account you can construct 'bugfixed' mapping scenarios where exec-shield
will be 'Vulnerable' for each test you can construct. If you do that you
might as well rename 'pax-test' to 'pax-is-best' ;-)

my argument is that for common apps here and now running on my system the
layout is good enough for exec-shield to be quite close to that of PaX.
(It wont be as complete as PaX though, notably the library bss/data areas
wont be protected.)

	Ingo

Reply to:

References:
- Re: Grsec/PaX and Exec-shield
  - From: spender@grsecurity.net
- Re: Grsec/PaX and Exec-shield
  - From: Ingo Molnar <mingo@elte.hu>
- Re: Grsec/PaX and Exec-shield
  - From: spender@grsecurity.net

Prev by Date: Bug#219172: RFA: lm-sensors, i2c
Next by Date: Linux kernel re-packaged using CDBS
Previous by thread: Re: Grsec/PaX and Exec-shield
Next by thread: Re: Grsec/PaX and Exec-shield
Index(es):
- Date
- Thread