Re: Debian Stable server hacked
On Fri, Aug 22, 2003 at 06:35:37PM -0400, Phillip Hofmeister wrote:
> On Fri, 22 Aug 2003 at 10:32:27AM -0400, Matt Zimmerman wrote:
> > It is often the case that the attacker doesn't know the exact location
> > of structures in memory; there are techniques for finding out. I'm sure
> > that the authors of PaX do not misrepresent it as complete protection.
> > It's pointless to argue about it; it's clear that PaX provides some
> > value in protection against security vulnerabilities, and I think it's
> > also clear that because it will break many existing applications, it is
> > not suitable for use by default. But there is no reason why a
> > PaX-enabled kernel could not be provided as an option. All it needs is
> > someone willing to do the work (hint, hint).
> I would be willing to maintain a grsec kernel image with PaX and temp.
> file symlink blocking if someone would be willing to sponsor it (hint,
I really do not have the time to sponsor you, but would like to see this
happen. If you put together reasonable packages and ask on the mailing
lists, I don't think you'd have a problem finding a sponsor. There are a
number developers who are interested in this.