Re: non-executable stack (via PT_GNU_STACK) not being enforced
Thank you all for your kind responses. I think I have a much better
understanding of the Debian security process now.
Some out-of-context excerpts below.
- Marsh
On 10/12/2010 05:10 AM, Marcin Owsiany wrote:
And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel
use PAE would make debian unbootable on them.
Somehow Windows manages to boot.
On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:
In<[🔎] 4CB3406E.5020900@extendedsubset.com>, Marsh Ray wrote:
Anyone else perceive this situation as being a bit sub-optimal
from the security perspective?
No.
>
> [...]
1. Configure the BIOS properly.
2. If that's not possible, hack the BIOS.
3. If that's too hard, use LinuxBIOS / OpenBoot.
Finally, don't whine when your software doesn't correct for
intentional hardware crippling.
[...]
That said, I don't really care what the default is for i386.
On 10/11/2010 12:45 PM, Michael Gilbert wrote:
> On Mon, 11 Oct 2010 11:50:54 -0500, Marsh Ray wrote:
>>
>> Anyone else perceive this situation as being a bit sub-optimal from
>> the security perspective?
>
> I agree that this is not ideal.
>> What can be done to not disable page protections in the default
>> kernel?
>
> You would need to convince the kernel team that the bigmem kernel
> should be the default on i386 systems.
Reply to: