Re: Debian Stable server hacked
On Fri, 22 Aug 2003 at 10:32:27AM -0400, Matt Zimmerman wrote:
> It is often the case that the attacker doesn't know the exact location of
> structures in memory; there are techniques for finding out. I'm sure that
> the authors of PaX do not misrepresent it as complete protection.
> It's pointless to argue about it; it's clear that PaX provides some value in
> protection against security vulnerabilities, and I think it's also clear
> that because it will break many existing applications, it is not suitable
> for use by default. But there is no reason why a PaX-enabled kernel could
> not be provided as an option. All it needs is someone willing to do the
> work (hint, hint).
I would be willing to maintain a grsec kernel image with PaX and temp.
file symlink blocking if someone would be willing to sponsor it (hint,
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
Excuse #100: We just switched to FDDI.