Re: exec-shield (maybe ITP kernel-patch-exec-shield)

To: Henrique de Moraes Holschuh <hmh@debian.org>, debian-devel@lists.debian.org
Subject: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
From: Peter Busser <peter@adamantix.org>
Date: Fri, 28 Nov 2003 13:25:14 +0100
Message-id: <[🔎] 20031128122514.GF8493@adamantix.org>
In-reply-to: <[🔎] 20031128120442.GA21153@khazad-dum.debian.net>
References: <[🔎] 20031121164140.GA23900@adamantix.org> <[🔎] 200311271126.50262.russell@coker.com.au> <[🔎] 20031127120603.GA1047@adamantix.org> <[🔎] 200311280034.54723.russell@coker.com.au> <[🔎] 20031127135954.GA2371@adamantix.org> <[🔎] 20031127234050.GA29184@khazad-dum.debian.net> <[🔎] 20031128113755.GD8493@adamantix.org> <[🔎] 20031128120442.GA21153@khazad-dum.debian.net>

Hi!

On Fri, Nov 28, 2003 at 10:04:42AM -0200, Henrique de Moraes Holschuh wrote:
> On Fri, 28 Nov 2003, Peter Busser wrote:
> > > I for one, do (especially since I have Russell's word that it would work
> > > quite well along with SE Linux).
> > 
> > It is nice to hear that Russell changed his mind after the previous dicussion.
> I am not implying he said PaX would not need patch merge changes to apply,
> mind you.  Just that PaX would enhance the security of a SELinux system, and
> that the two can conceptually work well together.

Oh yes, sure, a mandatory access control subsystem improves PaX' effectiveness.

> > Debian testing worked on a test system with the Adamantix kernel-image package
> > (which obviously includes PaX with the most restrictive settings enabled). X
> > breaks, but it breaks on exec-shield too.
> This is the kind of thing that would make the adoption slow. We'd need to
> fix it, and fix it properly.

Right, it is not useful to have a memory protection patch that does not protect
certain important programs. It doesn't seem to be very difficult to fix though.

Groetjes,
Peter Busser
-- 
The Adamantix Project
Taking high-security Linux out of the labs, and into the real world
http://www.adamantix.org/

Reply to:

Follow-Ups:
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Russell Coker <russell@coker.com.au>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Russell Coker <russell@coker.com.au>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Peter Busser <peter@adamantix.org>
- Re: exec-shield (maybe ITP kernel-patch-exec-shield)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Next by Date: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Previous by thread: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Next by thread: Re: exec-shield (maybe ITP kernel-patch-exec-shield)
Index(es):
- Date
- Thread