Re: thoughts on kernel security issues

From: Arjan van de Ven
Date: Wed Jan 19 2005 - 13:59:49 EST


> I respect you as a kernel developer as long as you're doing preemption
> and schedulers; but I honestly think PaX is the better technology, and I
> think it's important that the best security technology be in place.

The difference is not that big and only in tradeoffs. E.g. PaX trades
virtual address space against protecting a rare occurrence (e.g. where Exec
Shield wouldn't work because of a high executable mapping. That really
doesn't happen in normal programs).

> On a final note, isn't PaX the only technology trying to apply NX
> protections to kernel space?

Exec Shield does that too but only if your CPU has hardware assist for
NX (which all current AMD and most current Intel CPUs do).

