On Mon, Jul 27, 2009 at 11:23:58PM -0400, Michael S. Gilbert wrote:
> On Mon, 27 Jul 2009 12:05:35 +1000 Steffen Joeris wrote:
> - execshield or grsecurity by default to harden the kernel. i brought
> this up to the kernel team, but they consider it to be a hinderance and
> undesirable since it is non-vanilla. however, it would be very useful
> since, for example, fedora was immune to the /dev/mem rootkit issue due
> to their use of execshield. maybe Dann Frazier would have
> interest/clout to push for this?
The NX emulation bits of exec_shield cannot be sensibly merged into the
Debian kernel and the rest has been merged into mainline more or less.
It's only affecting legacy i386 CPUs anyway.
Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
