Bug#524373: linux-2.6: /dev/mem rootkit vulnerability

["Michael S. Gilbert" <michael.s.gilbert@gmail.com>]

btw, redhat-based distros are thought to be invulnerable to these
attacks due their incorporation of execshield (in particular, due to
address space randomization). perhaps it's high time that debian
consider doing the same?

i know that execshield is not in the vanilla kernel, but when it comes
to security, you have to admit that a lot is missing from the vanilla
kernel.

the default debian kernel should be hardened.  period.  you need to
protect your users.  it's disappointing when researchers can point to
vista and say hey, they put an end to a lot of attacks in 2007 (via
their address space randomization implementation); while in 2009 the
same statement still can't be made for debian-derived distros. why is
the linux kernel two years behind the state-of-the-art when it comes to
security?  why is redhat doing the right thing while debian does
nothing?