[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

exec-shield (maybe ITP kernel-patch-exec-shield)


It seems that exec-shield does 99% of what PaX does (PaX is the most desirable 
feature in GRSec).  Exec-shield also has support for 2.6 and looks like it 
will be a standard feature in Red Hat.

I have just built a kernel from the Debian kernel-source-2.4.22 package with 
exec-shield, the patch applied cleanly and it appears to work well.

Maybe we should solve the debate about grsec and standard kernels by adding 
exec-shield to the standard Debian kernel source?  Then people who use a 
kernel.org kernel can apply the grsec patch (which will not apply to a Debian 
kernel source tree), and people who use the Debian kernel source will get 
exec-shield by default?

If adding exec-shield to the Debian kernel is not considered a good idea then 
I'll create a kernel-patch package for exec-shield, which will still remove 
the need to make grsec work with the Debian kernel.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: