[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Exec-Shield vs. PaX

On Sun, Nov 09, 2003 at 08:16:35AM +1100, Russell Coker wrote:
> On Fri, 7 Nov 2003 12:57, Yven Johannes Leist wrote:
> > Well, I for one would love to see a security announcement one day, which
> > contains something like:
> >
> > "All users running the standard Debian kernel are not affected, since the
> > special security features the Debian kernel contains prevent the
> > exploit/attack in question." :)
> To get this we need support for PIE executables, and preferrably something 
> like ProPolice as well.
> Currently Debian is behind Fedora and is not showing any signs of catching 
> up...

We'd need a hell of a lot more evidence of PIE's value before I'd let
anyone inflict that on Debian by default.  It's both dubious and a
nuisance to developers, since it increases irreproducibility.  It's
also still what I would consider experimental.

Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer

Reply to: