Re: PaX on Debian
-----BEGIN PGP SIGNED MESSAGE-----
Andres Salomon wrote:
| On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
|>-----BEGIN PGP SIGNED MESSAGE-----
|>Andres Salomon wrote:
|>| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|>Did some digging. pipacs said that PAGEEXEC force-enables the 'disable
|>vsyscall' option, so you'd be forced to use SEGMEXEC on x86 to avoid
|>#245563, if I'm reading this right. On amd64, it should be fine; he
| Yep, that's right. I've talked to both ian and pipacs about it.
| Spender and pipacs both agree that upstream glibc fixes will work.
|>: Tags added: fixed-upstream Request was from GOTO Masanori
|>: <email@example.com> to firstname.lastname@example.org. Full text available.
|>Fixed in upstream. Either use an updated glibc in the next debian
|>release (I know there's no way you're going to suddenly shift STABLE to
|>PaX/pie/ssp, and I'm even going to recommend AGAINST that due to
|>Debian's development model), or backport the changes to whatever glibc
| The plan is to backport changes; I was hoping to make the next (debian)
| glibc release, but no one else seems interested in fixing the bug, and
| I'm lacking free time right now.
Check to see if someone else did it. I know it works on Gentoo, for a
few months now; but I don't know if it's just a newer version of glibc
or if there was also a backport for some of the older versions. I'm
using 2.3.4 pre-relases of glibc, so obviously I'm on a fixed version,
not an old one with a backported patch.
Never do work you don't have to do; gpl code can be freely yanked back
and forth. :)
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitely stated.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----