Announcing security hardened kernels for testing
Matt Zimmerman
mdz at canonical.com
Tue Jan 4 13:10:42 CST 2005
On Tue, Jan 04, 2005 at 04:27:44PM +0000, Mike Hearn wrote:
> On Tue, 04 Jan 2005 16:16:55 +0100, Martin Pitt wrote:
> > At the Mataro conference we discussed about various proactive security
> > enhancements for Ubuntu [1]. Amongst other things we agreed to provide
> > a security enhanced kernel that integrates PaX [2]. By separating
> > writeable and executable memory, PaX prevents the exploitation of a
> > whole class of common security vulnerabilities, the buffer overflows.
>
> Why was PaX chosen over exec-shield? The Linux community has much greater
> experience with this set of patches than PaX, I know we
> already dealt with some of the fallout of that in the Wine project.
PaX is what Martin chose to work on; if you would like to experiment with a
different implementation, that is welcome as well.
--
- mdz
More information about the ubuntu-devel
mailing list