btw, redhat-based distros are thought to be invulnerable to these attacks due their incorporation of execshield (in particular, due to address space randomization). perhaps it's high time that debian consider doing the same?
i know that execshield is not in the vanilla kernel, but when it comes to security, you have to admit that a lot is missing from the vanilla kernel. the default debian kernel should be hardened. period. you need to protect your users. it's disappointing when researchers can point to vista and say hey, they put an end to a lot of attacks in 2007 (via their address space randomization implementation); while in 2009 the same statement still can't be made for debian-derived distros. why is the linux kernel two years behind the state-of-the-art when it comes to security? why is redhat doing the right thing while debian does nothing? -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
