Re: Grsec/PaX and Exec-shield

2003-11-05 Thread Rob Weir
On Tue, Nov 04, 2003 at 12:39:46PM +0100, Peter Busser said On Tue, 04 Nov 2003, Peter Busser wrote: In fact, anyone can do it Russell, I'm pretty sure even you can do it: Why not volunteer to make the .deb, get a sponsor and get it uploaded then? Good idea! Already did that in

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Peter Busser
Hi! I volunteered to make a package for exec-shield because it meets the Debian criteria, I have time to do it, and it interests me. PaX would take much more time so I can't do it. You cannot do it or you don't want to do it? In fact, anyone can do it Russell, I'm pretty sure even you can

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Don Armstrong
[NB: When responding using the web archives, please get the References and In-Reply-To: correctly. You may also consider setting MFT:] On Tue, 04 Nov 2003, Peter Busser wrote: PaX would take much more time so I can't do it. You cannot do it or you don't want to do it? Russell has made it

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Peter Busser
Thomas Viehmann wrote: So, please don't start insulting and accusing people for doing good work and proposing to do even more of it. If there are technical reasons that cause you to prefer that exec-shield does not become part of Debian's standard kernel, just put them on the table, but save

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Ingo Molnar
On Tue, 4 Nov 2003, Peter Busser wrote: - Running paxtest shows the differences between PaX and exec-shield. Everyone is invited to run paxtest to see for yourself. the reply below is mostly a re-send of a mail i sent to you privately - but you repeat this argument again without any

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Peter Busser
Hi! [NB: When responding using the web archives, please get the References and In-Reply-To: correctly. You may also consider setting MFT:] I can't post from the lists.debian.org site. On Tue, 04 Nov 2003, Peter Busser wrote: PaX would take much more time so I can't do it. You cannot

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Peter Busser
Hi! the reply below is mostly a re-send of a mail i sent to you privately - but you repeat this argument again without any apparent answer to my counter-arguments. I already suggested you to reread the PaX documentation, there are the answers to your questions. There is no need to copy/paste it

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Michael Ablassmeier
On Tue, Nov 04, 2003 at 12:39:46PM +0100, Peter Busser wrote: Why not volunteer to make the .deb, get a sponsor and get it uploaded then? Good idea! Already did that in fact. So who do I send this new kernel-source .deb to? You can use the mentors service to exchange your packages with

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Andreas Schuldei
* Peter Busser ([EMAIL PROTECTED]) [031104 13:55]: You didn't touch the other facts in the list, because you know you don't have any proof to easily dismiss them. You would be my hero if you succeeded in improving on PaX. But in all honesty, exec-shield does not do that I'm afraid. In fact,

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Ingo Molnar
On Tue, 4 Nov 2003, Peter Busser wrote: the reply below is mostly a re-send of a mail i sent to you privately but you repeat this argument again without any apparent answer to my counter-arguments. I already suggested you to reread the PaX documentation, there are the answers to your

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Mario Lang
Peter Busser [EMAIL PROTECTED] writes: On Tue, 04 Nov 2003, Peter Busser wrote: In fact, anyone can do it Russell, I'm pretty sure even you can do it: Why not volunteer to make the .deb, get a sponsor and get it uploaded then? Good idea! Already did that in fact. So who do I send this

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Tommi Virtanen
Peter Busser wrote: Summary: i can see no significant differences between the paxtest output - all the differences seem to be bogus, see the details below. Fact is: There is a difference in paxtest output between PaX and exec-shield. And it is not a difference in exec-shield's advantage. Peter, no

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Lukas Geyer
Peter Busser [EMAIL PROTECTED] writes: I volunteered to make a package for exec-shield because it meets the Debian criteria, I have time to do it, and it interests me. PaX would take much more time so I can't do it. You cannot do it or you don't want to do it? In fact, anyone can do it

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Russell Coker
On Tue, 4 Nov 2003 19:53, Peter Busser wrote: I volunteered to make a package for exec-shield because it meets the Debian criteria, I have time to do it, and it interests me.  PaX would take much more time so I can't do it. You cannot do it or you don't want to do it? In fact, anyone can

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread spender
Also note that I use LSM on all my kernels, so anything that conflicts with LSM is something that I have no ability to test and therefore no interest in maintaining. I'm sure I could get PaX working with LSM, but it would take some work. Anyway I'll look into this matter after I upload an

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Michael Ablassmeier
On Tue, Nov 04, 2003 at 10:56:23AM -0500, [EMAIL PROTECTED] wrote: Now surely, Russell, a security expert such as yourself is capable of copy+pasting that last reject in the file. Doing this took one minute. I would imagine this was much less time than it took for you to write your

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Ingo Molnar
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: [...] Are you so certain that Exec-shield stops execution in shared library bss/data? [...] no, it doesn't, this is the main (and pretty much only) substantial difference between exec-shield and PaX. Exec-shield will stop execution in ET_EXEC

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Josselin Mouette
On Tue 04/11/2003 at 16:56, [EMAIL PROTECTED] wrote: Also, I think both you and Ingo will be interested to see the results of a bugfixed version of paxtest. Are you so certain that Exec-shield stops execution in shared library bss/data? Or did you just say it because that's what a

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread viro
On Tue, Nov 04, 2003 at 07:51:52PM +0100, Josselin Mouette wrote: On Tue 04/11/2003 at 16:56, [EMAIL PROTECTED] wrote: Also, I think both you and Ingo will be interested to see the results of a bugfixed version of paxtest. Are you so certain that Exec-shield stops execution in shared

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread spender
On Tue, Nov 04, 2003 at 06:49:58PM +0100, Ingo Molnar wrote: On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: [...] Are you so certain that Exec-shield stops execution in shared library bss/data? [...] no, it doesn't, this is the main (and pretty much only) substantial difference between

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Ingo Molnar
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: [...] the main point of my argument: exec-shield=2 means enabling exec-shield on all binaries but the ones it is disabled for. This would be a secure-by-default design, and yet it's being recommended for testing purposes only? [...] yes. It's a

re: Grsec/PaX and Exec-shield

2003-11-04 Thread Andrew Saunders
On Tue 4 November, spender wrote: I've spared you your precious time and gone ahead and done this for you. You might have a better reception if you dropped the attitude. Anyone reading the thread will quickly form the opinion that maintaining PaX within Debian would likely require frequent

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread Ingo Molnar
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: [...] Exec-shield can stop, but will stop is a completely different matter. I'll let the bugfixed paxtest tell this story, however. i am 100% sure that by taking the range-property of exec-shield into account you can construct 'bugfixed' mapping

Re: Grsec/PaX and Exec-shield

2003-11-04 Thread spender
yes. It's a compatible opt-in for something that cannot be enabled for all binaries, instead of an opt-out. You say it's a bug, i say it's a feature. A really bad analogy: it's like spam, you want to opt-in not opt-out ;) That is indeed a really bad analogy. Security shouldn't be as

Re: Grsec/PaX and Exec-shield

2003-11-03 Thread Steve Greenland
On 03-Nov-03, 11:26 (CST), Tiago Assumpção [EMAIL PROTECTED] wrote: First of all, maybe the most important, we have the freedom problem here. It's CLEAR, after analyzing his own words, that our friend Russell Coker has a big interest of getting Exec-shield as part of Debian Linux. That

Re: Grsec/PaX and Exec-shield

2003-11-03 Thread Branden Robinson
On Mon, Nov 03, 2003 at 02:26:42PM -0300, Tiago Assumpção wrote: First of all, maybe the most important, we have the freedom problem here. It's CLEAR, after analyzing his own words, that our friend Russell Coker has a big interest of getting Exec-shield as part of Debian Linux. That becomes even

Re: Grsec/PaX and Exec-shield

2003-11-03 Thread Bernhard R. Link
* Tiago Assumpção [EMAIL PROTECTED] [031103 17:48]: I won't say here that Red Hat, Inc. would be manipulating information to force Debian users to use one of their products, because I would be going down, at the same level as Coker. This should be taught in schoolbooks as paralipsis. And the