On Wed, Nov 05, 2003 at 12:28:51AM -0600, Graham Wilson wrote: | Please, guys, don't have your discussion here. I don't think we really | care about the differences between PaX and exec-shield. Debian is not, | and, to the best of my knowledge, will not, choose one for its kernels, | so there is no need to prove that one or the other is better.
Why should it not? If Pax or Exec-shield can be added to the kernel without breaking things, and provide better protection against some types of security holes than a default kernel, then surely there is a case to be made for including one or the other in the stock Debian kernel. ("Without breaking things" is the tricky bit here, of course.) Cameron.