On Sat, 2005-12-10 at 01:23 +0100, Yoshinori K. Okuji wrote:
> On Saturday 10 December 2005 12:32 am, Marco Gerards wrote:
> > Anyways, my primary concerns are making things work and moving
> > forwards to something that is releasable. Making GRUB work in a way
> > so it works like everyone wants is secondary and not possible in
> > practice. Paranoid security is secondary to me, but if we can get it
> > for free without making a mess of the code, that would be great.
>
> Paranoid is called paranoid, because it is a disease. Many people tend to
> forget that things are always based on a tradeoff. If such an attempt as
> prohibiting all executable stacks is merely paranoid, we should not care
> about it.

Except NX isn't just paranoid. In Fedora Core 3, 43% of our vulnerabilities did not apply to systems on which the hardware supported non-executable stacks. It's not a trivial number, and it wasn't all things that you could predict without using some "hypothetical" examples.

Anyway, I certainly can't make you change the way you're doing something. I can say that if upstream GRUB 2 requires executable stacks in userland (post-boot) processes, then neither Fedora Core nor RHEL can ship anything very close to the upstream version of GRUB 2, because we very seriously consider this practice to be a major security problem.

--
Peter

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel