Re: [ubuntu-hardened] Re: Collecting NX information

From: John Richard Moser
Date: Mon Mar 28 2005 - 17:19:12 EST

Next message: Pavel Machek: "Re: Disc driver is module, software suspend fails"
Previous message: Adrian Bunk: "Re: [2.6 patch] sound/oss/: cleanups"
In reply to: Brandon Hale: "Re: [ubuntu-hardened] Re: Collecting NX information"
Next in thread: Arjan van de Ven: "Re: [ubuntu-hardened] Re: Collecting NX information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brandon Hale wrote:
>>>actually Linus was really against adding non-related things to this
>>>flag. And I think he is right...
>>>
>
>
> Makes sense to me.
>
>

[...]

>
> IMO you have this backwards, John. Rather than having the majority (ES,
> mainline NX stuff) respect your less popular branch, it would make sense
> to have PaX work as well as possible with PT_GNU_STACK, and politely
> request that any missing functionality be duplicated in ES. PT_GNU_STACK
> is the most widely available header, and we should leverage that
> ubiquity as much as possible. Marking our binaries with PT_PAX_FLAGS
> and then begging everyone else to support our way of doing things will
> never work.
>

You need to consider that in the end I'd need PT_GNU_STACK to do
everything PaX wants, and to make PF_X a tristate (On, Off, Neutral)
which mapped to PF_PAGEEXEC in PaX. In other words, I'd have to
overhaul and most likely *break* everything else that relied on
PT_GNU_STACK, instead of passively adding logic for PT_PAX_FLAGS and
letting everyone else catch up at their leisure.

I'd rather not break anything and force everyone to upgrade *now*; but
instead add PT_PAX_FLAGS functionality for mainline/ES, let it lay there
for a year or so as people start moving over and accepting it, let the
kernel devs decide when it's time to depricate PT_GNU_STACK, and see it
naturally decay away once it's actually no longer needed. The point is
to not break anything, yet to still make things easier for those
projects and distributions like Hardened Ubuntu.

> ---
> Brandon Hale

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCSIKKhDd4aOud5P8RAkqEAJwNhFvfDc63qyPrBvMxs6naG1xuAQCfZKHn
upzqNI5/XzYVCmDKGM6q8ZY=
=YZkT
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Pavel Machek: "Re: Disc driver is module, software suspend fails"
Previous message: Adrian Bunk: "Re: [2.6 patch] sound/oss/: cleanups"
In reply to: Brandon Hale: "Re: [ubuntu-hardened] Re: Collecting NX information"
Next in thread: Arjan van de Ven: "Re: [ubuntu-hardened] Re: Collecting NX information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]