[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Stable server hacked

On Fri, Aug 22, 2003 at 06:35:37PM -0400, Phillip Hofmeister wrote:

> On Fri, 22 Aug 2003 at 10:32:27AM -0400, Matt Zimmerman wrote:
> > It is often the case that the attacker doesn't know the exact location
> > of structures in memory; there are techniques for finding out.  I'm sure
> > that the authors of PaX do not misrepresent it as complete protection.
> > 
> > It's pointless to argue about it; it's clear that PaX provides some
> > value in protection against security vulnerabilities, and I think it's
> > also clear that because it will break many existing applications, it is
> > not suitable for use by default.  But there is no reason why a
> > PaX-enabled kernel could not be provided as an option.  All it needs is
> > someone willing to do the work (hint, hint).
> I would be willing to maintain a grsec kernel image with PaX and temp.
> file symlink blocking if someone would be willing to sponsor it (hint,
> hint)

I really do not have the time to sponsor you, but would like to see this
happen.  If you put together reasonable packages and ask on the mailing
lists, I don't think you'd have a problem finding a sponsor.  There are a
number developers who are interested in this.

 - mdz

Reply to: