Re: non-executable stack (via PT_GNU_STACK) not being enforced

To: debian-security@lists.debian.org
Subject: Re: non-executable stack (via PT_GNU_STACK) not being enforced
From: Marsh Ray <marsh@extendedsubset.com>
Date: Tue, 12 Oct 2010 11:44:07 -0500
Message-id: <[🔎] 4CB49057.7010901@extendedsubset.com>
In-reply-to: <[🔎] 20101012101045.GA3305@beczulka>
References: <[🔎] 8CD3699ADB98387-16BC-1C215@webmail-m044.sysops.aol.com> <[🔎] 201010111221.19239.bss@iguanasuicide.net> <[🔎] 4CB38D3A.1040304@extendedsubset.com> <[🔎] 201010112308.04543.bss@iguanasuicide.net> <[🔎] 20101012101045.GA3305@beczulka>

Thank you all for your kind responses. I think I have a much betterunderstanding of the Debian security process now.


Some out-of-context excerpts below.

- Marsh


On 10/12/2010 05:10 AM, Marcin Owsiany wrote:


And it might be non-obvious, but some CPUs (e.g. the one in my
not-so-old laptop) don't support PAE, so making the default kernel
use PAE would make debian unbootable on them.


Somehow Windows manages to boot.


On 10/11/2010 12:21 PM, Boyd Stephen Smith Jr. wrote:

In<[🔎] 4CB3406E.5020900@extendedsubset.com>, Marsh Ray wrote:


Anyone else perceive this situation as being a bit sub-optimal
from the security perspective?

No.

>
> [...]


1. Configure the BIOS properly.
2. If that's not possible, hack the BIOS.
3.  If that's too hard, use LinuxBIOS / OpenBoot.

Finally, don't whine when your software doesn't correct for
intentional hardware crippling.

[...]

That said, I don't really care what the default is for i386.



On 10/11/2010 12:45 PM, Michael Gilbert wrote:
> On Mon, 11 Oct 2010 11:50:54 -0500, Marsh Ray wrote:
>>
>> Anyone else perceive this situation as being a bit sub-optimal from
>> the security perspective?
>
> I agree that this is not ideal.

>> What can be done to not disable page protections in the default
>> kernel?
>
> You would need to convince the kernel team that the bigmem kernel
> should be the default on i386 systems.

Reply to:

References:
- non-executable stack (via PT_GNU_STACK) not being enforced
  - From: Brchk05 <brchk05@aim.com>
- Re: non-executable stack (via PT_GNU_STACK) not being enforced
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
- Re: non-executable stack (via PT_GNU_STACK) not being enforced
  - From: Marsh Ray <marsh@extendedsubset.com>
- Re: non-executable stack (via PT_GNU_STACK) not being enforced
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
- Re: non-executable stack (via PT_GNU_STACK) not being enforced
  - From: Marcin Owsiany <porridge@debian.org>

Prev by Date: Re: non-executable stack (via PT_GNU_STACK) not being enforced
Next by Date: Re: [SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
Previous by thread: Re: non-executable stack (via PT_GNU_STACK) not being enforced
Next by thread: Re: non-executable stack (via PT_GNU_STACK) not being enforced
Index(es):
- Date
- Thread