[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Grsec/PaX and Exec-shield

On Tue, 4 Nov 2003 spender@grsecurity.net wrote:

> [...] Exec-shield "can" stop, but "will" stop is a completely different
> matter. I'll let the bugfixed paxtest tell this story, however.

i am 100% sure that by taking the range-property of exec-shield into
account you can construct 'bugfixed' mapping scenarios where exec-shield
will be 'Vulnerable' for each test you can construct. If you do that you
might as well rename 'pax-test' to 'pax-is-best' ;-)

my argument is that for common apps here and now running on my system the
layout is good enough for exec-shield to be quite close to that of PaX.
(It wont be as complete as PaX though, notably the library bss/data areas
wont be protected.)


Reply to: