[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-executable stack (via PT_GNU_STACK) not being enforced




Thank you all for your kind responses. I think I have a much better understanding of the Debian security process now.

Some out-of-context excerpts below.

- Marsh


On 10/12/2010 05:10 AM, Marcin Owsiany wrote:

And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel
use PAE would make debian unbootable on them.

Somehow Windows manages to boot.


On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:
In<4CB3406E.5020900@extendedsubset.com>, Marsh Ray wrote:

Anyone else perceive this situation as being a bit sub-optimal
from the security perspective?

No.
>
> [...]

1. Configure the BIOS properly.
2. If that's not possible, hack the BIOS.
3.  If that's too hard, use LinuxBIOS / OpenBoot.

Finally, don't whine when your software doesn't correct for
intentional hardware crippling.

[...]

That said, I don't really care what the default is for i386.


On 10/11/2010 12:45 PM, Michael Gilbert wrote:
> On Mon, 11 Oct 2010 11:50:54 -0500, Marsh Ray wrote:
>>
>> Anyone else perceive this situation as being a bit sub-optimal from
>> the security perspective?
>
> I agree that this is not ideal.

>> What can be done to not disable page protections in the default
>> kernel?
>
> You would need to convince the kernel team that the bigmem kernel
> should be the default on i386 systems.


Reply to: