Re: thoughts on kernel security issues

From: Arjan van de Ven
Date: Thu Jan 20 2005 - 14:03:37 EST


On Thu, 2005-01-20 at 13:16 -0500, John Richard Moser wrote:
> Even when the tagging is all automatic, to really deploy a competently
> formed system you have to review the results of the automated tagging.
> It's a bit easier in most cases to automate-and-review, but it still has
> to be done. I think in the case of PaX markings, the maintenance
> overhead of manually marking binaries is minimal enough that looking for
> mistakes would be more work than working from an already known and
> familiar base.


Well, marking with PT_GNU_STACK is similar; the execstack tool (part of the
prelink package) both shows and can change the existing marking of
binaries/libs.

How is that much different to what pax provides?
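
What the PT_GNU_STACK marking mentioned above looks like on disk, as an added example (not part of the original message and not the execstack tool's code): a read-only check that walks the ELF program headers and reports the stack marking. The names `gnu_stack_marking` and `sample_elf64` and the sample image are constructed for the illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551  # program header type that carries the stack marking
PF_X = 0x1                 # execute-permission bit in p_flags


def gnu_stack_marking(image: bytes) -> str:
    """Classify an ELF image as 'exec-stack', 'noexec-stack' or 'unmarked'."""
    if (len(image) < 52 or image[:4] != b"\x7fELF"
            or image[4] not in (1, 2) or image[5] not in (1, 2)):
        raise ValueError("not a parseable ELF image")
    end = "<" if image[5] == 1 else ">"       # EI_DATA: byte order
    try:
        if image[4] == 2:                     # EI_CLASS: ELF64
            e_phoff, = struct.unpack_from(end + "Q", image, 32)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 54)
            flags_off = 4                     # p_flags follows p_type
        else:                                 # ELF32
            e_phoff, = struct.unpack_from(end + "I", image, 28)
            e_phentsize, e_phnum = struct.unpack_from(end + "HH", image, 42)
            flags_off = 24                    # p_flags sits after p_memsz
        for i in range(e_phnum):
            base = e_phoff + i * e_phentsize
            p_type, = struct.unpack_from(end + "I", image, base)
            if p_type == PT_GNU_STACK:
                p_flags, = struct.unpack_from(end + "I", image, base + flags_off)
                return "exec-stack" if p_flags & PF_X else "noexec-stack"
    except struct.error as exc:
        raise ValueError("truncated program header table") from exc
    # No PT_GNU_STACK header at all: the binary predates or lacks the marking.
    return "unmarked"


def sample_elf64(p_type: int, p_flags: int) -> bytes:
    """Constructed 64-bit little-endian ELF: file header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                 # e.g. binaries under review
        with open(path, "rb") as f:
            print(path, gnu_stack_marking(f.read()))
```

Files reported as `exec-stack` or `unmarked` are the ones worth reviewing by hand after any automated tagging pass.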



