Re: exec-shield (maybe ITP kernel-patch-exec-shield)
On Fri, 28 Nov 2003, Peter Busser wrote:
> > > Debian testing worked on a test system with the Adamantix kernel-image package
> > > (which obviously includes PaX with the most restrictive settings enabled). X
> > > breaks, but it breaks on exec-shield too.
> > This is the kind of thing that would make the adoption slow. We'd need to
> > fix it, and fix it properly.
> Right, it is not useful to have a memory protection patch that does not protect
> certain important programs. It doesn't seem to be very difficult to fix though.
Hmm? Well, it wouldn't be the default while such problems are not fixed,
that's for sure. And kludging fixes is not an acceptable solutions in the
minds of many (me included), so we wouldn't just "disable it for X" if there
is any hope of a better solution.
This does not slow the entering of PaX in Debian at all. It _does_ slow
enabling it by default.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot