Re: PaX on Debian
On Mon, 26 Jul 2004 13:48, John Richard Moser <nigelenki@comcast.net> wrote:
> | Before we can even start thinking about PaX on Debian we need to find a
> | maintainer for the kernel patch who will package new versions of the
> | patch which apply to the Debian kernel source tree. We have had a few
>
> Are you talking PaX or grsecurity? PaX is significantly less invasive
> than grsecurity. There will still be issues, of course.
PaX. AFAIK the only PaX kernel-patch package in Debian is the Adamantix
kernel source, which has RSBAC and a bunch of other stuff, and the GRSec
patch. Neither of them apply to the Debian kernel source tree.
> Where would I see debian's 2.6.7 source tree? I'm not a deb user,
> remember, so I'll need a tarball or something.
http://ftp.debian.org/debian/pool/main/k/
> | We have recently discussed this on at least one of the lists you
> | posted to.
>
> | The end result of the discussion is that GCC is getting another SSP type
> | technology known as "mudflap". Mudflap depends on some major new
> | features of
> | GCC 3.5, so it looks like we won't be getting this until GCC 3.5 as the
> | Debian GCC people don't want to merge in other patches which have no
> | apparent chance of being included upstream.
>
> Then don't use ProPolice/SSP for now.
That seems to be what will happen. I'd rather see SSP included sooner, but I
guess it won't happen.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: