
Re: Bug#605090: Linux 3.2 in wheezy

On Fri, 2012-02-03 at 00:34 +0000, Ben Hutchings wrote:
> There is an easy way to benefit from it.
Well still the user wouldn't know how to configure it...
Actually I must admit that I haven't followed PaX/grsec now for some
time (mainly due to the deb package being always out of date in sid).

Wasn't it once the case with PaX that packages had to be compiled
specially? Or some ELF headers added or so?
And there were no-execute features which are perhaps superseded to some
extent (now that AMD64 has the NX bit)...
So what I mean in the end,... I'm surely not an expert with respect to
the kernel, but at least I have had my own .config for years,..
still it would mean quite some effort for me to get PaX/grsec running in
a way that I for myself believe I've done it right.
And this does not include tracing problems (I _very_ vaguely remember
that one had to make exceptions e.g. for Java?)

And that's why I think that such "special" frameworks like PaX/grsec,
SELinux, AppArmor, Smack, etc. pp. only make sense if well supported by
the distro, at least for some (blind guess:) 80-90% of all potential

> You flatter us.  General experience with kernel development does not
> make someone an expert that is capable of understanding all the
> implications of rebasing a patch or patch set that modifies many core
> kernel features.
Well come on Ben,.. you've already helped me so often with issues with
the kernel,... you guys have at least some very good overview on

> > Well IMHO, at best, one should never need to run anything from outside
> > the Debian archives ;)
> Wishing it so doesn't make it practically possible.
Well.. so far I do :D

