Re: Exec-Shield vs. PaX
On Sun, Nov 09, 2003 at 08:16:35AM +1100, Russell Coker wrote:
> On Fri, 7 Nov 2003 12:57, Yven Johannes Leist wrote:
> > Well, I for one would love to see a security announcement one day, which
> > contains something like:
> >
> > "All users running the standard Debian kernel are not affected, since the
> > special security features the Debian kernel contains prevent the
> > exploit/attack in question." :)
>
> To get this we need support for PIE executables, and preferrably something
> like ProPolice as well.
>
> Currently Debian is behind Fedora and is not showing any signs of catching
> up...
We'd need a hell of a lot more evidence of PIE's value before I'd let
anyone inflict that on Debian by default. It's both dubious and a
nuisance to developers, since it increases irreproducibility. It's
also still what I would consider experimental.
--
Daniel Jacobowitz
MontaVista Software Debian GNU/Linux Developer
Reply to: