* John Richard Moser <[EMAIL PROTECTED]> wrote:
> > There was a kernel-based randomization patch floating around at some
> > point, though. I think it's part of PaX. That's the one I hated.
>
> PaX and Exec Shield both have them; personally I believe PaX is a more
> mature technology, since it's 1) still actively developed, and 2) been
> around since late 2000. The rest of the community dissagrees with me
> of course, [...]
might this disagreement be based on the fact that exec-shield _is_ being
actively developed and is in active use in Fedora/RHEL, and that split
out portions of exec-shield (e.g. flexmmap, PT_GNU_STACK, NX) are
already in the upstream kernel?
(but no doubt PaX is fine and protects against exploits at least as
effectively as (and in some cases more effectively than) exec-shield, so
you've definitely not made a bad choice.)
Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
