Re: Exec-Shield vs. PaX

To: pageexec@freemail.hu
Cc: debian-devel@lists.debian.org
Subject: Re: Exec-Shield vs. PaX
From: Ingo Molnar <mingo@elte.hu>
Date: Thu, 6 Nov 2003 12:25:08 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.56.0311061221540.19975@earth>
Reply-to: Ingo Molnar <mingo@elte.hu>
In-reply-to: <[🔎] 3FA92DB2.20276.9A08A69@localhost>
References: <[🔎] 3FA82434.17565.5937549@localhost> <[🔎] 3FA92DB2.20276.9A08A69@localhost>

On Wed, 5 Nov 2003 pageexec@freemail.hu wrote:

> [...] also, you did break userland yourself as well, otherwise how would
> you explain the patches RedHat made to the XFree86 server?

actually, unmodified XFree86 works just fine. It will have an executable
stack but it will work out of box - so no app was broken. tuxracer works
out of box as well.

X does break if you force exec-shield=2, and it did break even with
exec-shield=1 in earlier iterations of exec-shield, but that bug has been
fixed.

the XFree86 patching you refer to above we did was to enable non-exec
stack. But this was an iterative thing to enhance security, not something
we had to do because X broke due to exec-shield itself.

	Ingo

Reply to:

Follow-Ups:
- Re: Exec-Shield vs. PaX
  - From: pageexec@freemail.hu

References:
- Exec-Shield vs. PaX
  - From: pageexec@freemail.hu
- Re: Exec-Shield vs. PaX
  - From: pageexec@freemail.hu

Prev by Date: upstream takeover of wmacpi
Next by Date: Re: [coreutils,hppa] - touch broken on hppa
Previous by thread: Re: Exec-Shield vs. PaX
Next by thread: Re: Exec-Shield vs. PaX
Index(es):
- Date
- Thread