Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261655AbVASKbL (ORCPT ); Wed, 19 Jan 2005 05:31:11 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261673AbVASKbL (ORCPT ); Wed, 19 Jan 2005 05:31:11 -0500 Received: from mx1.elte.hu ([157.181.1.137]:8417 "EHLO mx1.elte.hu") by vger.kernel.org with ESMTP id S261655AbVASKbJ (ORCPT ); Wed, 19 Jan 2005 05:31:09 -0500 Date: Wed, 19 Jan 2005 11:30:20 +0100 From: Ingo Molnar To: John Richard Moser Cc: Linus Torvalds , Arjan van de Ven , Christoph Hellwig , Dave Jones , Andrew Morton , marcelo.tosatti@cyclades.com, Greg KH , chrisw@osdl.org, Alan Cox , Kernel Mailing List Subject: Re: thoughts on kernel security issues Message-ID: <20050119103020.GA4417@elte.hu> References: <20050112205350.GM24518@redhat.com> <20050112182838.2aa7eec2.akpm@osdl.org> <20050113033542.GC1212@redhat.com> <20050113082320.GB18685@infradead.org> <1105635662.6031.35.camel@laptopd505.fenrus.org> <41E6BE6B.6050400@comcast.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41E6BE6B.6050400@comcast.net> User-Agent: Mutt/1.4.1i X-ELTE-SpamVersion: MailScanner 4.31.6-itk1 (ELTE 1.2) SpamAssassin 2.63 ClamAV 0.73 X-ELTE-VirusStatus: clean X-ELTE-SpamCheck: no X-ELTE-SpamCheck-Details: score=-4.9, required 5.9, autolearn=not spam, BAYES_00 -4.90 X-ELTE-SpamLevel: X-ELTE-SpamScore: -4 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1116 Lines: 26 * John Richard Moser wrote: > > There was a kernel-based randomization patch floating around at some > > point, though. I think it's part of PaX. That's the one I hated. > > PaX and Exec Shield both have them; personally I believe PaX is a more > mature technology, since it's 1) still actively developed, and 2) been > around since late 2000. The rest of the community dissagrees with me > of course, [...] might this disagreement be based on the fact that exec-shield _is_ being actively developed and is in active use in Fedora/RHEL, and that split out portions of exec-shield (e.g. flexmmap, PT_GNU_STACK, NX) are already in the upstream kernel? (but no doubt PaX is fine and protects against exploits at least as effectively as (and in some cases more effectively than) exec-shield, so you've definitely not made a bad choice.) Ingo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/