On Mon, Oct 26, 2009 at 09:41:59PM +0100, Christoph Anton Mitterer wrote:
> Ever thought about integrating PaX [0] per default in Debian?

What features does the grsecurity patch provide currently? I know that
several of the mentioned PaX features are supported in the vanilla kernel in
the meantime:
- Non-executable memory on x86-32 with PAE.
- Randomized stack and heap bases.
- /dev/mem is highly restricted now, /dev/kmem removed.

What would be a step forward:
- Move all newer x86 32-bit machines to PAE to support non-executable
  pages.
- Make any code PIC, including binaries (PIE) and static libs.

> I'm however not sure how much this actually breaks ;)

It takes too much compile-time configuration, so don't even think about
it.

Bastian

-- 
Phasers locked on target, Captain.

