Announcing security hardened kernels for testing

John Richard Moser nigelenki at
Fri Jan 7 16:41:34 CST 2005

Hash: SHA1

Mike Hearn wrote:
| On Fri, 07 Jan 2005 13:07:24 -0500, John Richard Moser wrote:
|>The community can
|>adjust to PaX easily; but the software won't magically adjust to be
|>better just because the community uses it.
| You say that as if the community *enjoys* rewriting large amounts of
| perfectly acceptable code

In some cases.  Meanwhile, you can just switch off PaX restrictions to
work around it.

| and constantly answering "Help my game
| disappears as soon as I click Play" type questions.

Yes, very rarely.  Actually, I think GLX sets PaX off too. . . eh.  Mark
the games, fix libGLcore, unmark the games when X works.

| If you're willing to
| deal with the aftermath of breaking such a fundamental API then that's
| fine but please don't make the rest of us do it ...

Yeah.  I'm also willing to deal with the aftermath of making breakfast--
that is, I have to wipe the counter off and toss a couple egg shells in
the trash, in exchange for eating something so I don't die.  It's not
like you're dealing with flipping the lights on after the gas has been
running all damn day.

| I think PaX belongs in a custom Hardened Ubuntu type distro, and it'll
| work well there. I don't think it belongs in a mainstream desktop
| distribution. Sorry.

It will make the distribution easier to use if anyone ever actually
cares about the security holes in Linux enough to actually exploit them.
~ Suddenly chances to get worms into the machine or to take it over via
remote shell using broken browsers are far and few, and more difficult
to exploit.

In the meantime, people are going to be running under one of two
assumptions.  Either things stay as they are until then, and people
write more and more broken code; or we take care of this years in
advance, and people are mindful of it while there's only a few things
that break anyway.

In Windows, certain features were documented as working a certain way.
They didn't really, but people were mindful enough that compilers
properly marked segments as executable when they had to be, even though
they'd work if they didn't.  Programmers used their Virtual* functions
to mark memory executable explicitly.  Sometimes, programmers figured
out it didn't matter, and didn't; and when DEP[1] came out, most
programs actually worked under it, aside from those few (or so I've been

We're in the same situation.  We have a few things that break.  We
either enforce this now, or wait until there's a problem.  If we wait,
we'll have a lot of shit breaking.

PaX is a one-time cost.  The longer you wait, the higher that cost is
going to be.  It won't bother the user later once the community adjusts.

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -


More information about the ubuntu-devel mailing list