Announcing security hardened kernels for testing
Gustavo Franco
gustavorfranco at gmail.com
Tue Jan 4 14:49:53 CST 2005
On Tue, 04 Jan 2005 20:08:02 +0000, Mike Hearn <mike at navi.cx> wrote:
> On Tue, 04 Jan 2005 14:47:24 -0200, Gustavo Franco wrote:
> > Add on the list: Java (jvm, of course not in main) and Wine (universe).
>
> Wine doesn't depend on being able to execute stuff from non-exec memory,
> or shouldn't (I nailed a few bugs with that months ago). It *is* sensitive
> to address space layout changes, but we now have multiple layers of armour
> against that sort of thing which is why I asked about exec-shield. I'm
> assuming PaX works in a similar way.
>
> Hopefully the code we have in place to deal with execshield/prelink also
> deals with PaX but let us know if there are any problems.
>
I'm not sure that recent bug fixing on wine changed the situation
about PaX, i'm not using it now. About PaX and exec-shield different
approaches i recommend this debian-devel thread:
http://lists.debian.org/debian-devel/2003/11/msg00206.html
--
Gustavo Franco -- <stratus at acm.org>
More information about the ubuntu-devel
mailing list