Re: Grsec/PaX and Exec-shield
On Tue, 4 Nov 2003 firstname.lastname@example.org wrote:
> [...] Exec-shield "can" stop, but "will" stop is a completely different
> matter. I'll let the bugfixed paxtest tell this story, however.
i am 100% sure that by taking the range-property of exec-shield into
account you can construct 'bugfixed' mapping scenarios where exec-shield
will be 'Vulnerable' for each test you can construct. If you do that you
might as well rename 'pax-test' to 'pax-is-best' ;-)
my argument is that for common apps here and now running on my system the
layout is good enough for exec-shield to be quite close to that of PaX.
(It wont be as complete as PaX though, notably the library bss/data areas
wont be protected.)