On 12/31/11 13:00 , Russell Coker wrote:
> On Sat, 31 Dec 2011, Laurentiu Pancescu <lpancescu@googlemail.com> wrote:
>> effective). I tested Exec-shield in Debian a few years ago, with and without SELinux, it makes a big difference:
>
> I just did a quick test on an i386 system with PAE running a 686 Squeeze kernel.

I just tested this as well (without SELinux), after remembering that, even on current processors with NX support in hardware, the NX bit only works if PAE is enabled. The bigmem, xen and amd64 kernels gave pretty much the same results as I had back then with exec-shield and SELinux. paxtest reported everything as vulnerable with the "default" Debian kernel.

> http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/
>
> Interesting article, it doesn't make Debian look good. :(

Perhaps they tested Debian with the default kernel, instead of bigmem. My bigmem results look similar to Ubuntu, although Debian doesn't have AppArmor. Hardened Gentoo is pretty impressive, though.
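
The NX/PAE dependency discussed in this thread can be checked before running paxtest. The script below is an added example, not part of the original messages: it classifies a machine from its CPU flags, architecture and kernel config. The function names, result strings and sample inputs are constructed for illustration, and reading the running kernel's config from `/boot/config-$(uname -r)` is an assumption about where the distribution installs it.

```shell
#!/bin/sh
# nx_status FLAGS ARCH KCONFIG
#   FLAGS   - contents of the "flags" line from /proc/cpuinfo
#   ARCH    - output of `uname -m`
#   KCONFIG - text of the running kernel's config
# Prints one of: no-hw-nx, nx-active, nx-unused-no-pae,
#                unknown-no-config, unknown-arch
nx_status() {
    flags=$1; arch=$2; kconfig=$3
    # Without the nx CPU flag there is no hardware bit to enforce.
    case " $flags " in
        *" nx "*) ;;
        *) echo "no-hw-nx"; return 0 ;;
    esac
    case $arch in
        # 64-bit page tables always carry the NX bit.
        x86_64) echo "nx-active" ;;
        # On 32-bit x86 the NX bit only exists in PAE page table entries.
        i?86)
            if [ -z "$kconfig" ]; then
                echo "unknown-no-config"
            elif printf '%s\n' "$kconfig" | grep -q '^CONFIG_X86_PAE=y$'; then
                echo "nx-active"
            else
                echo "nx-unused-no-pae"
            fi ;;
        *) echo "unknown-arch" ;;
    esac
}

# Check the machine this runs on (config path is an assumption).
nx_status_live() {
    live_flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)
    live_cfg=$(cat "/boot/config-$(uname -r)" 2>/dev/null)
    nx_status "$live_flags" "$(uname -m)" "$live_cfg"
}

# Constructed sample inputs (not taken from any real system).
SAMPLE_FLAGS="fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge cmov pat mmx fxsr sse sse2 nx lm"
SAMPLE_CFG_NOPAE='CONFIG_X86_32=y
# CONFIG_X86_PAE is not set'
SAMPLE_CFG_PAE='CONFIG_X86_32=y
CONFIG_HIGHMEM64G=y
CONFIG_X86_PAE=y'

echo "32-bit, non-PAE kernel: $(nx_status "$SAMPLE_FLAGS" i686 "$SAMPLE_CFG_NOPAE")"
echo "32-bit, PAE kernel:     $(nx_status "$SAMPLE_FLAGS" i686 "$SAMPLE_CFG_PAE")"
echo "64-bit kernel:          $(nx_status "$SAMPLE_FLAGS" x86_64 "")"
```

Call `nx_status_live` on a real host; a result of `nx-unused-no-pae` means the CPU offers NX but the running 32-bit kernel cannot use it.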