On Tue, Nov 04, 2003 at 12:39:46PM +0100, Peter Busser said
> > On Tue, 04 Nov 2003, Peter Busser wrote:
> > > In fact, anyone can do it Russell, I'm pretty sure even you can do
> > > it:
> > Why not volunteer to make the .deb, get a sponsor and get it uploaded
> > then?
>
> Good idea! Already did
> yes. It's a compatible opt-in for something that cannot be enabled for all
> binaries, instead of an opt-out. You say it's a bug, i say it's a feature.
> A really bad analogy: it's like spam, you want to opt-in not opt-out ;)
That is indeed a really bad analogy. Security shouldn't be as unwan
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote:
> [...] Exec-shield "can" stop, but "will" stop is a completely different
> matter. I'll let the bugfixed paxtest tell this story, however.
i am 100% sure that by taking the range-property of exec-shield into
account you can construct 'bugfixed' mappin
On Tue 4 November, spender wrote:
> I've spared you your precious time and gone ahead and done this for
> you.
You might have a better reception if you dropped the attitude.
Anyone reading the thread will quickly form the opinion that maintaining
PaX within Debian would likely require frequent i
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote:
> [...] the main point of my argument: exec-shield=2 means enabling
> exec-shield on all binaries but the ones it is disabled for. This would
> be a secure-by-default design, and yet it's being recommended for
> "testing purposes" only? [...]
yes. It
On Tue, Nov 04, 2003 at 06:49:58PM +0100, Ingo Molnar wrote:
>
> On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote:
>
> > [...] Are you so certain that Exec-shield stops execution in shared
> > library bss/data? [...]
>
> no, it doesnt, this is the main (and pretty much only) substantial
> difference b
On Tue, Nov 04, 2003 at 07:51:52PM +0100, Josselin Mouette wrote:
> Le mar 04/11/2003 à 16:56, [EMAIL PROTECTED] a écrit :
> > Also, I think both you and Ingo will be interested to see the results of
> > a bugfixed version of paxtest. Are you so certain that Exec-shield
> > stops execution in sh
Le mar 04/11/2003 à 16:56, [EMAIL PROTECTED] a écrit :
> Also, I think both you and Ingo will be interested to see the results of
> a bugfixed version of paxtest. Are you so certain that Exec-shield
> stops execution in shared library bss/data? Or did you just say it
> because that's what a pr
On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote:
> [...] Are you so certain that Exec-shield stops execution in shared
> library bss/data? [...]
no, it doesnt, this is the main (and pretty much only) substantial
difference between exec-shield and PaX. Exec-shield will stop execution in
ET_EXEC binary
On Tue, Nov 04, 2003 at 10:56:23AM -0500, [EMAIL PROTECTED] wrote:
> Now surely, Russell, a "security expert" such as yourself is capable of
> copy+pasting that last reject in the file. Doing this took one minute.
> I would imagine this was much less time than it took for you to write
> your i
> Also note that I use LSM on all my kernels, so anything that conflicts with
> LSM is something that I have no ability to test and therefore no interest in
> maintaining. I'm sure I could get PaX working with LSM, but it would take
> some work. Anyway I'll look into this matter after I upload
On Tue, 4 Nov 2003 19:53, Peter Busser wrote:
> > I volunteered to make a package for exec-shield because it meets the
> > Debian criteria, I have time to do it, and it interests me. PaX would
> > take much more time so I can't do it.
>
> You cannot do it or you don't want to do it? In fact, anyon
Peter Busser <[EMAIL PROTECTED]> writes:
> > I volunteered to make a package for exec-shield because it meets
> > the Debian criteria, I have time to do it, and it interests me.
> > PaX would take much more time so I can't do it.
>
> You cannot do it or you don't want to do it? In fact, anyone ca
Peter Busser wrote:
Summary: i can see no significant differences between the paxtest output -
all the differences seem to be bogus, see the details below.
Fact is: There is a difference in paxtest output between PaX and exec-shield.
And it is not a difference in exec-shield's advantage.
Peter, no
Peter Busser <[EMAIL PROTECTED]> writes:
>> On Tue, 04 Nov 2003, Peter Busser wrote:
>> > In fact, anyone can do it Russell, I'm pretty sure even you can do
>> > it:
>> Why not volunteer to make the .deb, get a sponsor and get it uploaded
>> then?
>
> Good idea! Already did that in fact. So who do
On Tue, 4 Nov 2003, Peter Busser wrote:
> > the reply below is mostly a re-send of a mail i sent to you privately
> > but you repeat this argument again without any apparent answer to my
> > counter-arguments.
>
> I already suggested you to reread the PaX documentation, there are the
> answers
* Peter Busser ([EMAIL PROTECTED]) [031104 13:55]:
> You didn't touch the other facts in the list, because you know you don't have
> any proof to easily dismiss them. You would be my hero if you succeeded in
> improving on PaX. But in all honesty, exec-shield does not do that I'm afraid.
> In fact,
On Tue, Nov 04, 2003 at 12:39:46PM +0100, Peter Busser wrote:
> > Why not volunteer to make the .deb, get a sponsor and get it uploaded
> > then?
>
> Good idea! Already did that in fact. So who do I send this new kernel-source
> .deb to?
You can use the mentors service to exchange your packages w
Hi!
> the reply below mostly a re-sent of a mail i sent to you privately - but
> you repeat this argument again without any apparent answer to my
> counter-arguments.
I already suggested you to reread the PaX documentation, there are the answers
to your questions. There is no need to copy/paste i
Hi!
> [NB: When reponsding using the web archives, please get the References
> and In-Reply-To: correctly. You may also consider setting MFT:]
I can't post from the lists.debian.org site.
> On Tue, 04 Nov 2003, Peter Busser wrote:
> >> PaX would take much more time so I can't do it.
> >
> > You
On Tue, 4 Nov 2003, Peter Busser wrote:
> - Running paxtest shows the differences between PaX and exec-shield.
> Everyone is invited to run paxtest to see for yourself.
the reply below mostly a re-sent of a mail i sent to you privately - but
you repeat this argument again without any appar
Thomas Viehmann wrote:
> So, please don't start insulting and accusing people for doing good work
> and proposing to do even more of it. If there are technical reasons that
> cause you to prefer that exec-shield does not become part of Debian's
> standard kernel, just put them on the table, but sa
[NB: When reponsding using the web archives, please get the References
and In-Reply-To: correctly. You may also consider setting MFT:]
On Tue, 04 Nov 2003, Peter Busser wrote:
>> PaX would take much more time so I can't do it.
>
> You cannot do it or you don't want to do it?
Russell has made it
Hi!
> I volunteered to make a package for exec-shield because it meets the Debian
> criteria, I have time to do it, and it interests me. PaX would take much
> more time so I can't do it.
You cannot do it or you don't want to do it? In fact, anyone can do it Russell,
I'm pretty sure even you ca
* Tiago Assumpção <[EMAIL PROTECTED]> [031103 17:48]:
> I won't say here that Red Hat, Inc. would be manipulating information
> to force Debian users to use one of their products, because I would be going
> down, at the same level as Coker.
This should be teached in schoolbooks as paralipsis. And
On Mon, Nov 03, 2003 at 02:26:42PM -0300, Tiago AssumpÃÃo wrote:
> First of all, maybe the most important, we have the freedom problem here.
> Itïs CLEAR, after analyzing his own words, that our friend Russell Coker
> has a big interest of getting Exec-shield as part of Debian Linux.
> That becomes
On 03-Nov-03, 11:26 (CST), Tiago Assump??o <[EMAIL PROTECTED]> wrote:
> First of all, maybe the most important, we have the freedom problem here.
> It?s CLEAR, after analyzing his own words, that our friend Russell Coker
> has a big interest of getting Exec-shield as part of Debian Linux.
> That b
27 matches
Mail list logo