Re: Exec-Shield vs. PaX

To: debian-devel@lists.debian.org
Subject: Re: Exec-Shield vs. PaX
From: Henning Makholm <henning@makholm.net>
Date: 07 Nov 2003 07:46:17 +0100
Message-id: <[🔎] yah1xskhe12.fsf@tyr.diku.dk>
In-reply-to: Yven Johannes Leist's message of "Fri, 7 Nov 2003 02:57:14 +0100"
References: <[🔎] 3FA82434.17565.5937549@localhost> <[🔎] Pine.LNX.4.56.0311050122260.10322@earth> <[🔎] 20031105062851.GA1197@quux.opus.geek> <[🔎] 200311070257.14412.leist@xnap.org>

Scripsit Yven Johannes Leist <leist@xnap.org>

> Well, I for one would love to see a security announcement one day, which 
> contains something like: 
> 
> "All users running the standard Debian kernel are not affected, since the 
> special security features the Debian kernel contains prevent the 
> exploit/attack in question." :)

Hm, what I've been able to glean from the discussions seems to imply
that any software that's vulnerable to a remote access exploit
*without* the kernel-level protection in question, would still at
least be vulneable to a DoS attack, killing the server (or whatever)
process instead of giving the attacker actual control. So we'd still
want to provide security updates to the same extent as without.

-- 
Henning Makholm               "Hele toget raslede imens Sjælland fór forbi."

Reply to:

References:
- Exec-Shield vs. PaX
  - From: pageexec@freemail.hu
- Re: Exec-Shield vs. PaX
  - From: Ingo Molnar <mingo@elte.hu>
- Re: Exec-Shield vs. PaX
  - From: Graham Wilson <graham@debian.org>
- Re: Exec-Shield vs. PaX
  - From: Yven Johannes Leist <leist@xnap.org>

Prev by Date: Re: Bug#217265: acknowledged by developer (Bug#217265: fixed in abiword 2.0.1+cvs.2003.11.07-1)
Next by Date: Re: rename linux-kernel-headers to system-headers
Previous by thread: Re: Exec-Shield vs. PaX
Next by thread: Re: Exec-Shield vs. PaX
Index(es):
- Date
- Thread