Re: thoughts on kernel security issues

From: Ingo Molnar
Date: Wed Jan 19 2005 - 05:32:01 EST

Next message: Christoph Hellwig: "Re: permissions of /proc/tty/driver"
Previous message: Christoph Hellwig: "Re: [2.6 patch] bttv: make some code static"
In reply to: Bill Davidsen: "Re: thoughts on kernel security issues"
Next in thread: John Richard Moser: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* John Richard Moser <nigelenki@xxxxxxxxxxx> wrote:

> > There was a kernel-based randomization patch floating around at some
> > point, though. I think it's part of PaX. That's the one I hated.
>
> PaX and Exec Shield both have them; personally I believe PaX is a more
> mature technology, since it's 1) still actively developed, and 2) been
> around since late 2000. The rest of the community dissagrees with me
> of course, [...]

might this disagreement be based on the fact that exec-shield _is_ being
actively developed and is in active use in Fedora/RHEL, and that split
out portions of exec-shield (e.g. flexmmap, PT_GNU_STACK, NX) are
already in the upstream kernel?

(but no doubt PaX is fine and protects against exploits at least as
effectively as (and in some cases more effectively than) exec-shield, so
you've definitely not made a bad choice.)

Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Christoph Hellwig: "Re: permissions of /proc/tty/driver"
Previous message: Christoph Hellwig: "Re: [2.6 patch] bttv: make some code static"
In reply to: Bill Davidsen: "Re: thoughts on kernel security issues"
Next in thread: John Richard Moser: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]