--On January 26, 2006 11:03:55 AM +0100 "Martin G.H. Minkler"
<[EMAIL PROTECTED]> wrote:
[EMAIL PROTECTED] wrote:
Can everbody tell me where I can download PaX patch for debian kernel?
Maybe look into a bigger / more complete solution such as
http://www.grsecurity.net or SELinux?
grsecu
[EMAIL PROTECTED] wrote:
Can everbody tell me where I can download PaX patch for debian kernel?
Maybe look into a bigger / more complete solution such as
http://www.grsecurity.net or SELinux?
grsecurity is highly configurable, just use the PaX features if You like
regards
Martin
--
To U
Can everbody tell me
where I can download PaX patch for debian kernel?
Thanks
smime.p7s
Description: S/MIME cryptographic signature
Sorry, no interest in such a mega-patch. If you are interested in
getting non-executable stack/heap/etc patches into the debian kernel
work with the arch maintainers, for example Dave Miller has added
patches based on PaX to sparc lately.
For the magic ELF flags please use the non-exec stack anno
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've got a chunk of data that can be used for a demo setup over here. I
would like the help of any debian developers that would like to package
up a set of kernels and the scripts that come with this and place them
in a mini-repository, to give the dev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This post is also being forwarded to debian-kernel, as it contains the
appropriate kernel settings. This is a continuation of the message from
the debian-security and debian-devel lists, archived at
http://lists.debian.org/debian-security/2004/07/msg00
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
GOTO Masanori wrote:
| At Mon, 26 Jul 2004 15:38:37 -0400,
| John Richard Moser wrote:
|
[...]
|
|
| Is this VSYSCALL issue? I guess we can backport it without large
| obstacle, but I have no spare time within a few days to work this bug
| because the
At Mon, 26 Jul 2004 15:38:37 -0400,
John Richard Moser wrote:
> |>: Tags added: fixed-upstream Request was from GOTO Masanori
> |>: <[EMAIL PROTECTED]> to [EMAIL PROTECTED] Full text available.
> |>
> |>Fixed in upstream. Either use an updated glibc in the next debian
> |>release (I know there's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'll do a recapitulation of what has been covered thusfar in this
message. It's a long one, but it'll get us all on the same channel.
John Richard Moser wrote:
| I'm interested in discussing the viability of PaX on Debian. I'd like
| to discuss the ch
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andres Salomon wrote:
| On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
|
|>-BEGIN PGP SIGNED MESSAGE-
|>Hash: SHA1
|>
|>
|>
|>Andres Salomon wrote:
|>| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|>|
|
| [...]
|
On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
>
> Andres Salomon wrote:
> | On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
> |
[...]
>
> Did some digging. pipacs said that PAGEEXEC force-enables the 'disable
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andres Salomon wrote:
| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|
|
| I'm interested in discussing the viability of PaX on Debian. I'd like
| to discuss the changes to the base system that would be made, the costs
| in terms of o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Found a problem.
Russell Coker wrote:
| On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]>
wrote:
[...]
|
| We have recently discussed this on at least one of the lists you
posted to.
| The end result of the discussion is that GCC is gett
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Russell Coker wrote:
| On Mon, 26 Jul 2004 13:48, John Richard Moser <[EMAIL PROTECTED]>
wrote:
|
|>| Before we can even start thinking about PaX on Debian we need to find a
|>| maintainer for the kernel patch who will package new versions of the
|>| p
On Mon, 26 Jul 2004 13:48, John Richard Moser <[EMAIL PROTECTED]> wrote:
> | Before we can even start thinking about PaX on Debian we need to find a
> | maintainer for the kernel patch who will package new versions of the
> | patch which apply to the Debian kernel source tree. We have had a few
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Russell Coker wrote:
| On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]>
wrote:
|
|>I'm interested in discussing the viability of PaX on Debian. I'd like
|>to discuss the changes to the base system that would be made, the costs
|>in te
On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]> wrote:
> I'm interested in discussing the viability of PaX on Debian. I'd like
> to discuss the changes to the base system that would be made, the costs
> in terms of overhead and compatibility, the gains in terms of security,
> and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
. . . .thunderbird is being weird. It's giving me > where >> should be,
and >> wehre > should be. EH.
Andres Salomon wrote:
| On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
|
|
| I'm interested in discussing the viability of PaX on Debi
On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I'm interested in discussing the viability of PaX on Debian. I'd like
> to discuss the changes to the base system that would be made, the costs
> in terms of overhead and compatibi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Kemp wrote:
[...]
|>Firefox sets off SSP itself on load.
|
|
| When you say 'sets of' do you mean disable? I find that unlikely,
| as it's not the kind of thing that can be disabled when all the
| canary checking code is incorporated into th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Kemp wrote:
| On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote:
|
|
|>| I have been flirting with SSP for months now, but the most recent
|>| patches included with GCC do not apply cleanly. Watch for a bug
|>| against GCC s
On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote:
> | I have been flirting with SSP for months now, but the most recent
> | patches included with GCC do not apply cleanly. Watch for a bug
> | against GCC shortly with updated SSP patches.
> |
>
> Yeah I think on 3.3.4 on Gen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve Kemp wrote:
| On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote:
|
|
|>A PaX protected base would also benefit from Stack Smash Protection,
|>which can be done via the gcc patch ProPolice.
|
|
| I have been flirting with SSP fo
On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote:
> A PaX protected base would also benefit from Stack Smash Protection,
> which can be done via the gcc patch ProPolice.
I have been flirting with SSP for months now, but the most recent
patches included with GCC do not apply c
24 matches
Mail list logo
