Re: PaX on Debian

To: Andres Salomon <dilinger@voxel.net>
Cc: debian-devel@lists.debian.org, debian-security@lists.debian.org
Subject: Re: PaX on Debian
From: John Richard Moser <nigelenki@comcast.net>
Date: Mon, 26 Jul 2004 15:38:37 -0400
Message-id: <[🔎] 41055DBD.1020004@comcast.net>
In-reply-to: <[🔎] 1090870169.9081.6.camel@toaster.hq.voxel.net>
References: <[🔎] 4103E679.2050402@comcast.net> <[🔎] pan.2004.07.25.23.16.32.793223@voxel.net> <[🔎] 41054F7D.3050408@comcast.net> <[🔎] 1090870169.9081.6.camel@toaster.hq.voxel.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Andres Salomon wrote:
| On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
|
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Hash: SHA1
|>
|>
|>
|>Andres Salomon wrote:
|>| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|>|
|
| [...]
|
|>Did some digging.  pipacs said that PAGEEXEC force-enables the 'disable
|>vsyscall' option, so you'd be forced to use SEGMEXEC on x86 to avoid
|>#245563, if I'm reading this right.  On amd64, it should be fine; he
|
|
| Yep, that's right.  I've talked to both ian and pipacs about it.
| Spender and pipacs both agree that upstream glibc fixes will work.
|

Cool.

| [...]
|
|>:  Tags added: fixed-upstream Request was from GOTO Masanori
|>:  <gotom@debian.or.jp> to control@bugs.debian.org. Full text available.
|>
|>Fixed in upstream.  Either use an updated glibc in the next debian
|>release (I know there's no way you're going to suddenly shift STABLE to
|>PaX/pie/ssp, and I'm even going to recommend AGAINST that due to
|>Debian's development model), or backport the changes to whatever glibc
|>you use.
|
|
| The plan is to backport changes; I was hoping to make the next (debian)
| glibc release, but no one else seems interested in fixing the bug, and
| I'm lacking free time right now.
|

Check to see if someone else did it.  I know it works on Gentoo, for a
few months now; but I don't know if it's just a newer version of glibc
or if there was also a backport for some of the older versions.  I'm
using 2.3.4 pre-relases of glibc, so obviously I'm on a fixed version,
not an old one with a backported patch.

Never do work you don't have to do; gpl code can be freely yanked back
and forth.  :)

|

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitely stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBBV27hDd4aOud5P8RAlGSAKCQePuNYj3EsEPMwGKi9O2WpaxbdwCfSlOF
4WuNZtKqaIkRVrO/xRNZewE=
=9fzL
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: PaX on Debian
  - From: GOTO Masanori <gotom@debian.or.jp>

References:
- PaX on Debian
  - From: John Richard Moser <nigelenki@comcast.net>
- Re: PaX on Debian
  - From: Andres Salomon <dilinger@voxel.net>
- Re: PaX on Debian
  - From: John Richard Moser <nigelenki@comcast.net>
- Re: PaX on Debian
  - From: Andres Salomon <dilinger@voxel.net>

Prev by Date: Re: PaX on Debian
Next by Date: Bug#261560: ITP: iaxcomm -- Softphone for the Asterisk PBX
Previous by thread: Re: PaX on Debian
Next by thread: Re: PaX on Debian
Index(es):
- Date
- Thread