Bug#605090: Updated patch
Hi,
On Wed, Jan 26, 2011 at 01:29:14PM +0100, Yves-Alexis Perez wrote:
> Due to the performance concerns, I've decided to keep UDEREF and
> KERNEXEC disabled on amd64 for now anyway, so those will disappear
> (independently of the i386 decision).
This doesn't seem like a good idea. The bulk of heavy-duty kernel hardening
is with KERNEXEC and UDEREF. If someone is interested in speed, they can
choose i386. But if someone wants a hardened kernel and amd64, they should
have the option. I'd leave those on for both.
-Kees
--
Kees Cook @debian.org