[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsec/PaX and Exec-shield


> the reply below mostly a re-sent of a mail i sent to you privately - but
> you repeat this argument again without any apparent answer to my
> counter-arguments.

I already suggested you to reread the PaX documentation, there are the answers
to your questions. There is no need to copy/paste it here.

> Summary: i can see no significant differences between the paxtest output -
> all the differences seem to be bogus, see the details below.

Fact is: There is a difference in paxtest output between PaX and exec-shield.
And it is not a difference in exec-shield's advantage.

Another fact: If you don't like this difference, you can change the PaX kernel
configuration to lower the level of security to the same level as exec-shield.

You didn't touch the other facts in the list, because you know you don't have
any proof to easily dismiss them. You would be my hero if you succeeded in
improving on PaX. But in all honesty, exec-shield does not do that I'm afraid.
In fact, there is simply no technical reason whatsoever for exec-shield to
exist at all. None.

Peter Busser
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world

Reply to: