Bug#521482: linux-2.6: adopt hardening patches (execshield and grsecurity) into default kernel packages for squeeze

2009-03-27 Thread Michael S. Gilbert
package: linux-2.6
severity: wishlist
tags: security

there are now several security hardening kernel patches available in
the debian archive (e.g. execshield and grsecurity).  it would be great
if these patches were incorporated into the default kernel packages.  

this would go a long way toward reducing the impact of security threats
to the majority of end users.  most users will never consider applying
those patches or building/using a non-vanilla debian kernel.

thank you for your consideration.
mike



-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#521482: closed by maximilian attems m...@stro.at (Re: Bug#521482: linux-2.6: adopt hardening patches (execshield and grsecurity) into default kernel packages for squeeze)

2009-03-27 Thread Michael Gilbert
> get them upstream merged
> see http://wiki.debian.org/DebianKernelPatchAcceptanceGuidelines

but doesn't it make sense to be proactive about security?  this isn't
really a security fix, but it is a security improvement.

i can't even fathom how to get this merged upstream since redhat has
been working on execshield for over 5 years or so and hasn't been
able to merge it themselves...

> or better use selinux and improve it!!

selinux has a different scope.  it doesn't do things like address space
randomization and doesn't prevent stack smashing (which is what
execshield is designed for).  supposedly vista does this stuff really
well now, and it's disappointing that linux is behind the curve (well
at least fedora has it, so part of the community has the extra
protection).


