[ubuntu-hardened] Re: Ubuntu Hardened work, implementation and deployment schema

Lorenzo Hernández García-Hierro lorenzo at gnu.org
Sun Mar 27 07:02:36 CST 2005


On Sun, 27-03-2005 at 06:25 -0500, Brandon Hale wrote:
> PaX by default at this point would be a maintainability nightmare. I'm
> sure you'll recall the maintenance problems in Gentoo.  This will be
> greatly worsened by the retirement of PageExec, and the Ubuntu kernel
> team will surely not appreciate great delays and/or extra work for every
> upstream release (and some security issues, you will recall binfmt_elf).

Right, we can't assess with the overhead of deploying PaX *now*, we need
first to see the project "future" or at least, the possibilities of
using it without overloading our maintenance work.

> I've demoted PaX to Universe on our wiki page, but include PT_PAX_FLAGS
> in Main.  This will still require a good discussion of the pros and cons
> of PT_PAX_FLAGS over PT_GNU_STACK, which is currently less intrusive and
> supported by ES and mainline NX code.

PT_GNU_STACK is the way to go, PT_PAX_FLAGS, if it doesn't add
unnecessary overhead, will be supported too.

We need to provide unified solutions, not whole-sale, specific ones
which will harm the project later. AKA support for upstream stuff, ala
mainline. ;)

>  Besides the binutils patch I can't
> imagine any overhead added by simply supporting PT_PAX_FLAGS as well,
> however.  If we begin marking packages at build/install time the
> duplication will be apparent however.

Right, I'm not an expert on the field, so, I would like to hear from
someone experienced in bothering with markings.

> PS, why did we make our own list and continue to CC -devel?
> Let's stop this on the next thread please.

Done.
I apologize, but some things should be tracked in both lists, anyways,
those interested should subscribe now :)

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo at gnu.org> 
[1024D/6F2B2DEC] & [2048g/9AE91A22][http://tuxedo-es.org]
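
To make the two markings compared in this thread concrete, here is an added example (not part of the original message, and not code from Ubuntu, binutils or PaX) that reads the PT_GNU_STACK and PT_PAX_FLAGS program headers of an ELF image and reports what each one says. The function names and the constructed sample binary are assumptions for illustration; the numeric constants are the standard program header type and flag values.

```python
import struct

PT_GNU_STACK = 0x6474E551   # marks whether the stack must be executable
PT_PAX_FLAGS = 0x65041580   # per-binary PaX feature flags
PF_X = 0x1
# PaX flag names in bit order, starting at bit 4 of p_flags
PAX_BITS = ["PAGEEXEC", "NOPAGEEXEC", "SEGMEXEC", "NOSEGMEXEC", "MPROTECT",
            "NOMPROTECT", "RANDEXEC", "NORANDEXEC", "EMUTRAMP", "NOEMUTRAMP",
            "RANDMMAP", "NORANDMMAP"]

def elf_markings(data):
    """Return (stack_marking, pax_flag_names) read from the program headers."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    stack, pax = "missing", None             # None: no PT_PAX_FLAGS header
    for i in range(phnum):
        off = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            stack = "executable" if p_flags & PF_X else "non-executable"
        elif p_type == PT_PAX_FLAGS:
            pax = [n for b, n in enumerate(PAX_BITS, 4) if p_flags & (1 << b)]
    return stack, pax

def sample_elf64(phdrs):
    """Constructed sample: ELF64 header plus bare (p_type, p_flags) headers."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0,
                       64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 16)
                           for t, f in phdrs)
```

Run over the contents of a package's binaries, `elf_markings(open(path, "rb").read())` shows where the two markings duplicate or contradict each other.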