[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [custom] Debian Enterprise - packages

On Thu, 2003-12-04 at 07:04, Russell Coker wrote:
> On Thu, 4 Dec 2003 08:07, "David Palmer." <davidpalmer@westnet.com.au> wrote:
> > I note also that Adamantix developers, when a present priority project
> > reaches completion, have expressed a willingness to commit in the
> > process of assisting with Pax incorporation into the Debian kernel.
> 
> Please point out where the Adamantix developers expressed a willingness to 
> help in any way.

Hello Russell,

I searched the Debian-devel archive for the exchanges I read myself, but
do you think that I could find them? No way!
They must be there somewhere, but time is short, so I grabbed this off
the Adamantix site.
I think that it adequately displays Peter Bussers' attitude.
But if you need more, when I have more time I wil conduct a more
thorough search, and even ask Peter for verification if that is what is
required.

Hi!

I got some replies to debian-devel Cc:-ed from people who said that they
wanted to have a kernel-patch package for PaX. After that, I got the following
message:

----- Forwarded message from Javier Fern?ndez-Sanguino Pe?a
<jfs(at)computer.org> -----

From: Javier Fern?ndez-Sanguino Pe?a <jfs(at)computer.org>
To: Peter Busser <peter(at)adamantix.org>
Cc: debian-devel(at)lists.debian.org
Subject: Re: exec-shield (maybe ITP kernel-patch-exec-shield)

On Fri, Nov 28, 2003 at 12:20:43PM +0100, Peter Busser wrote:[...]


Just so we move forward, I have packaged today a kernel-patch-package which 
seems to apply as expected with 'make-kpackage' based on the changes you 
have introduced to the kernel_2.4.21_2.4.21-5 package developed by Herbert 
Xu. 

I've sent the ITP (just in case somebody wants to comment or pre-test it) 
and will upload it soo to an upload queue. 

I guess that the rsbac userspace would need to be included in Debian too in 
order for this patch to be useful for Debian users at all, am I correct? 
I'm going to send also the paxtest package you developed in order for 
people to test PaX (and exec-shield's) functionality and decide for 
themselves. I will first write a manpage for it (as mandated per policy) 
though.

Regards

Javi



----- End forwarded message -----

I'm really happy to receive some positive reactions from Debian related people.
And I am even more happy to see that Javi is willing to help getting this stuff
in Debian.

That does not mean that Adamantix will be obsolete soon, integrating it in
Debian will take time. And there are conflicting interests here (exec-shield,
SELinux and stackguard in the future) that might slow down or stop integration
in Debian (fortunately RSBAC and SELinux can live together in 2.6).

People will find ways around RSBAC, SSP, PaX and whatever is decided to add
next. I suspect that the number of backdoor attempts will increase as soon as
cracking systems becomes harder. Therefore the road to a really high security
system is a long one. We are still at the beginning of that journey.

Groetjes,
Peter Busser[...]
Reply to: