Re: Debian Hardened project (question about use of the "Debian" trademark)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorenzo Hernandez Garcia-Hierro wrote: [...] Good, at least you understand that :) |> |>Yes and then the program halts and gets SIGABRT. Do you not know what a |>DoS attack is? |> |>[...] | | | Duty of Shame ? | OK, leaving the Fun Mode off... | (here

Re: Debian Hardened project (question about use of the "Debian" trademark)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorenzo Hernandez Garcia-Hierro wrote: | Hi John, | | El vie, 17-09-2004 a las 19:04, John Richard Moser escribió: | |>-BEGIN PGP SIGNED MESSAGE- |>Hash: SHA1 |> |> |> |>Lorenzo Hernandez Garcia-Hi

Re: Debian Hardened project (question about use of the "Debian" trademark)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lorenzo Hernandez Garcia-Hierro wrote: | Hi, | [...] | Debian Hardened is like Debian Junior, and the rest of subprojects. | *We* must provide the best (and the easiest) way to harden Debian for | advanced users, sysadmins or just people that want a re

PaX demo results, logs, reproduction data

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have completed an in-house test of a PaX demonstration. The demo includes the PaX patch; a patch I made to suppliment PaX with boot-time selection of NX mode; a script `pax-flags` to mark binaries with chpax/paxctl and execstack (to turn the executab

Re: PaX on Debian (Demo setup)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've got a chunk of data that can be used for a demo setup over here. I would like the help of any debian developers that would like to package up a set of kernels and the scripts that come with this and place them in a mini-repository, to give the dev

Re: PaX on Debian (Kernel Settings)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This post is also being forwarded to debian-kernel, as it contains the appropriate kernel settings. This is a continuation of the message from the debian-security and debian-devel lists, archived at http://lists.debian.org/debian-security/2004/07/msg00

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 GOTO Masanori wrote: | At Mon, 26 Jul 2004 15:38:37 -0400, | John Richard Moser wrote: | [...] | | | Is this VSYSCALL issue? I guess we can backport it without large | obstacle, but I have no spare time within a few days to work this bug | because

Re: PaX on Debian (Recap 1)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'll do a recapitulation of what has been covered thusfar in this message. It's a long one, but it'll get us all on the same channel. John Richard Moser wrote: | I'm interested in discussing the viability of PaX on Debian. I

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andres Salomon wrote: | On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote: | |>-BEGIN PGP SIGNED MESSAGE- |>Hash: SHA1 |> |> |> |>Andres Salomon wrote: |>| On Sun, 25 Jul 2004 12:57:29 -0400, Joh

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andres Salomon wrote: | On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote: | | | I'm interested in discussing the viability of PaX on Debian. I'd like | to discuss the changes to the base system that would be made, the costs | i

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Found a problem. Russell Coker wrote: | On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]> wrote: [...] | | We have recently discussed this on at least one of the lists you posted to. | The end result of the discussion is that

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Russell Coker wrote: | On Mon, 26 Jul 2004 13:48, John Richard Moser <[EMAIL PROTECTED]> wrote: | |>| Before we can even start thinking about PaX on Debian we need to find a |>| maintainer for the kernel patch who will package new ver

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Russell Coker wrote: | On Mon, 26 Jul 2004 02:57, John Richard Moser <[EMAIL PROTECTED]> wrote: | |>I'm interested in discussing the viability of PaX on Debian. I'd like |>to discuss the changes to the base system that would b

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 . . . .thunderbird is being weird. It's giving me > where >> should be, and >> wehre > should be. EH. Andres Salomon wrote: | On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote: | | | I'm interested in discus

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Kemp wrote: [...] |>Firefox sets off SSP itself on load. | | | When you say 'sets of' do you mean disable? I find that unlikely, | as it's not the kind of thing that can be disabled when all the | canary checking code is incorporated into th

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Kemp wrote: | On Sun, Jul 25, 2004 at 02:26:15PM -0400, John Richard Moser wrote: | | |>| I have been flirting with SSP for months now, but the most recent |>| patches included with GCC do not apply cleanly. Watch for a bug |>| ag

Re: PaX security and kernel-patch-grsecurity2 and trustees

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hanasaki wrote: | what is the relationship between PaX, grsecurity and trustees? | PaX is a separate project from grsecurity. The grsecurity developer finds interest in PaX, and so supplies it with grsecurity. Dunno about trustees. | Will the kernel-p

Re: PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Kemp wrote: | On Sun, Jul 25, 2004 at 12:57:29PM -0400, John Richard Moser wrote: | | |>A PaX protected base would also benefit from Stack Smash Protection, |>which can be done via the gcc patch ProPolice. | | | I have been flirting wi

PaX on Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm interested in discussing the viability of PaX on Debian. I'd like to discuss the changes to the base system that would be made, the costs in terms of overhead and compatibility, the gains in terms of security, and the mutability (elimination) of th