Can everbody tell me
where I can download PaX patch for debian kernel?
Thanks
smime.p7s
Description: S/MIME cryptographic signature
[EMAIL PROTECTED] wrote:
Can everbody tell me where I can download PaX patch for debian kernel?
Maybe look into a bigger / more complete solution such as
http://www.grsecurity.net or SELinux?
grsecurity is highly configurable, just use the PaX features if You like
regards
Martin
Sorry, no interest in such a mega-patch. If you are interested in
getting non-executable stack/heap/etc patches into the debian kernel
work with the arch maintainers, for example Dave Miller has added
patches based on PaX to sparc lately.
For the magic ELF flags please use the non-exec stack
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've got a chunk of data that can be used for a demo setup over here. I
would like the help of any debian developers that would like to package
up a set of kernels and the scripts that come with this and place them
in a mini-repository, to give the
packaging.
It still hasn't been decided if Debian will actually supply a
PaX-enabled base, with ET_DYN binaries or even with PT_PAX_FLAGS in the
ELF headers (PaX binutils patch makes these) and appropriate markings to
prevent breakage under a PaX kernel.
If Debian is indeed going to support a PaX protected
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andres Salomon wrote:
| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|
|
| I'm interested in discussing the viability of PaX on Debian. I'd like
| to discuss the changes to the base system that would be made, the costs
| in terms
On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andres Salomon wrote:
| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|
[...]
Did some digging. pipacs said that PAGEEXEC force-enables the 'disable
vsyscall'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andres Salomon wrote:
| On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
|
|-BEGIN PGP SIGNED MESSAGE-
|Hash: SHA1
|
|
|
|Andres Salomon wrote:
|| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
||
|
| [...]
|
|Did
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'll do a recapitulation of what has been covered thusfar in this
message. It's a long one, but it'll get us all on the same channel.
John Richard Moser wrote:
| I'm interested in discussing the viability of PaX on Debian. I'd like
| to discuss
At Mon, 26 Jul 2004 15:38:37 -0400,
John Richard Moser wrote:
|: Tags added: fixed-upstream Request was from GOTO Masanori
|: [EMAIL PROTECTED] to [EMAIL PROTECTED] Full text available.
|
|Fixed in upstream. Either use an updated glibc in the next debian
|release (I know there's no way
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
GOTO Masanori wrote:
| At Mon, 26 Jul 2004 15:38:37 -0400,
| John Richard Moser wrote:
|
[...]
|
|
| Is this VSYSCALL issue? I guess we can backport it without large
| obstacle, but I have no spare time within a few days to work this bug
| because
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm interested in discussing the viability of PaX on Debian. I'd like
to discuss the changes to the base system that would be made, the costs
in terms of overhead and compatibility, the gains in terms of security,
and the mutability (elimination
On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote:
A PaX protected base would also benefit from Stack Smash Protection,
which can be done via the gcc patch ProPolice.
I have been flirting with SSP for months now, but the most recent
patches included with GCC do not apply
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Kemp wrote:
| On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote:
|
|
|A PaX protected base would also benefit from Stack Smash Protection,
|which can be done via the gcc patch ProPolice.
|
|
| I have been flirting with SSP for
On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote:
| I have been flirting with SSP for months now, but the most recent
| patches included with GCC do not apply cleanly. Watch for a bug
| against GCC shortly with updated SSP patches.
|
Yeah I think on 3.3.4 on Gentoo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Kemp wrote:
| On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote:
|
|
|| I have been flirting with SSP for months now, but the most recent
|| patches included with GCC do not apply cleanly. Watch for a bug
|| against GCC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Kemp wrote:
[...]
|Firefox sets off SSP itself on load.
|
|
| When you say 'sets of' do you mean disable? I find that unlikely,
| as it's not the kind of thing that can be disabled when all the
| canary checking code is incorporated into
On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm interested in discussing the viability of PaX on Debian. I'd like
to discuss the changes to the base system that would be made, the costs
in terms of overhead and compatibility
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
. . . .thunderbird is being weird. It's giving me where should be,
and wehre should be. EH.
Andres Salomon wrote:
| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|
|
| I'm interested in discussing the viability of PaX on Debian
On Mon, 26 Jul 2004 02:57, John Richard Moser [EMAIL PROTECTED] wrote:
I'm interested in discussing the viability of PaX on Debian. I'd like
to discuss the changes to the base system that would be made, the costs
in terms of overhead and compatibility, the gains in terms of security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Russell Coker wrote:
| On Mon, 26 Jul 2004 02:57, John Richard Moser [EMAIL PROTECTED]
wrote:
|
|I'm interested in discussing the viability of PaX on Debian. I'd like
|to discuss the changes to the base system that would be made, the costs
|in terms
On Mon, 26 Jul 2004 13:48, John Richard Moser [EMAIL PROTECTED] wrote:
| Before we can even start thinking about PaX on Debian we need to find a
| maintainer for the kernel patch who will package new versions of the
| patch which apply to the Debian kernel source tree. We have had a few
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Russell Coker wrote:
| On Mon, 26 Jul 2004 13:48, John Richard Moser [EMAIL PROTECTED]
wrote:
|
|| Before we can even start thinking about PaX on Debian we need to find a
|| maintainer for the kernel patch who will package new versions of the
|| patch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Found a problem.
Russell Coker wrote:
| On Mon, 26 Jul 2004 02:57, John Richard Moser [EMAIL PROTECTED]
wrote:
[...]
|
| We have recently discussed this on at least one of the lists you
posted to.
| The end result of the discussion is that GCC is
24 matches
Mail list logo