> lets be clear, you d have to check for each and every new version of > each and every binary you ship to add this "allowed to skack exec or > whatever other dirty memory trick" flag whenever the upstream added a > bug or a backdoor.
also automatically adding this flag everywhere completely defeats the purpose of those security patches, you just say "wow this program have a backdoor, cool its allowed, dont even log that" to your grsec kernel, why not ship a grsec kernel with no security options enabled then ? or just use vanilla ;) _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
