Re: Exec-Shield vs. PaX
On Wed, 5 Nov 2003 firstname.lastname@example.org wrote:
> [...] also, you did break userland yourself as well, otherwise how would
> you explain the patches RedHat made to the XFree86 server?
actually, unmodified XFree86 works just fine. It will have an executable
stack but it will work out of box - so no app was broken. tuxracer works
out of box as well.
X does break if you force exec-shield=2, and it did break even with
exec-shield=1 in earlier iterations of exec-shield, but that bug has been
the XFree86 patching you refer to above we did was to enable non-exec
stack. But this was an iterative thing to enhance security, not something
we had to do because X broke due to exec-shield itself.