Re: Exec-Shield vs. PaX
Scripsit Yven Johannes Leist <leist@xnap.org>
> Well, I for one would love to see a security announcement one day, which
> contains something like:
>
> "All users running the standard Debian kernel are not affected, since the
> special security features the Debian kernel contains prevent the
> exploit/attack in question." :)
Hm, what I've been able to glean from the discussions seems to imply
that any software that's vulnerable to a remote access exploit
*without* the kernel-level protection in question, would still at
least be vulneable to a DoS attack, killing the server (or whatever)
process instead of giving the attacker actual control. So we'd still
want to provide security updates to the same extent as without.
--
Henning Makholm "Hele toget raslede imens Sjælland fór forbi."
Reply to: