Re: exec-shield (maybe ITP kernel-patch-exec-shield)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2003-11-03 17:20, Russell Coker wrote:
> On Mon, 3 Nov 2003 23:42, spender@grsecurity.net wrote:
> > > Maybe we should solve the debate about grsec and standard kernels by
> > > adding exec-shield to the standard Debian kernel source?
> >
> > Go ahead and do it. I could frankly care less if your users get owned.
> > Give them a false sense of security by telling them that Exec-shield
> > is a substitute for grsecurity and PaX.
>
> The problem is that we don't have anyone who has the time and ability to
> merge PaX with the Debian kernel patches.
>
> The exec-shield patch applies with the Debian patches and with LSM. I am
> prepared to maintain it. Unless someone volunteers to maintain PaX
> support for Debian kernels then the best available option for Debian users
> will be exec-shield.
hm, the adamantix guys use PaX, maybe they ought to be pinged about this?
> Actually I don't want to make security decisions for users. This is why I
> initially maintained the Debian patch package for grsec, I have promoted
> OpenWall, I packaged RSBAC (but had to dump it because I didn't have the
> resources to test it and no-one else was interested), and now I'm working
> on SE Linux.
>
> I want the users to have as many choices as possible.
adamantix also uses RSBAC if I'm not mistaken
- --
Cheers, cobaco
/"\ ASCII Ribbon Campaign
\ / No proprietary formats in attachments without request
X i.e. *NO* WORD, POWERPOINT or EXCEL documents
/ \ Respect Open Standards
http://www.fsf.org/philosophy/no-word-attachments.html
http://www.goldmark.org/netrants/no-word/attach.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQE/p3+I5ihPJ4ZiSrsRAsCaAJ4004STNUj9aYpTNfek8VzbD7YLFgCfa+85
toqP6RWRqp2GO9KYpURkJiQ=
=glf9
-----END PGP SIGNATURE-----
Reply to: