On Fri, Aug 22, 2003 at 06:35:37PM -0400, Phillip Hofmeister wrote:
> On Fri, 22 Aug 2003 at 10:32:27AM -0400, Matt Zimmerman wrote:
> > It is often the case that the attacker doesn't know the exact location
> > of structures in memory; there are techniques for finding out. I'm sure
> > that the authors of PaX do not misrepresent it as complete protection.
> >
> > It's pointless to argue about it; it's clear that PaX provides some
> > value in protection against security vulnerabilities, and I think it's
> > also clear that because it will break many existing applications, it is
> > not suitable for use by default. But there is no reason why a
> > PaX-enabled kernel could not be provided as an option. All it needs is
> > someone willing to do the work (hint, hint).
>
> I would be willing to maintain a grsec kernel image with PaX and temp.
> file symlink blocking if someone would be willing to sponsor it (hint,
> hint)

I really do not have the time to sponsor you, but would like to see this
happen. If you put together reasonable packages and ask on the mailing
lists, I don't think you'd have a problem finding a sponsor. There are a
number of developers who are interested in this.

--
 - mdz