-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
> On Tue, 2005-03-29 at 14:07 -0500, John Richard Moser wrote:
>
>>-BEGIN PGP SIGNED MESSAGE-
[...]
>>/me shrugs. It's a security blanket for him mostly; he fears automagic
>>security maintainence.
>
>
> who is "
On Tue, 2005-03-29 at 14:07 -0500, John Richard Moser wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
>
> Arjan van de Ven wrote:
> >>>H you either need an executable stack or you don't. Can you explain
> >>>why you think there is a strong advantage for a "neutral" setting on
>
On Tue, 2005-03-29 at 03:29 -0500, John Richard Moser wrote:
> >>MF_PAX_PAGEEXEC
> >> ON: ET_EXEC enforced. Stack NX. Heap NX. Code PROT_EXEC.
> >> OFF: Stack and heap default to +X
> >> The PAGEEXEC flag will basically mandate the automated non-executable
> >> setting for the stack and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Richard Moser wrote:
>
>
> Arjan van de Ven wrote:
>
[...]
Three more notes, then I'll sleep. These notes won't include the two
paragraph long explaination of falling back to PT_GNU_STACK if
PT_PAX_FLAGS isn't there; compatibility has been
On Tue, 2005-03-29 at 02:53 -0500, John Richard Moser wrote:
> Right now, my rough sketch is:
>
> MF_PAX_PAGEEXEC
> ON: ET_EXEC enforced. Stack NX. Heap NX. Code PROT_EXEC.
> OFF: Stack and heap default to +X
> The PAGEEXEC flag will basically mandate the automated non-executable
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
>>You need to consider that in the end I'd need PT_GNU_STACK to do
>>everything PaX wants
>
>
> why?
> Why not have independent flags for independent things?
> That way you have both cleanness of design and you don't break a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
>>You need to consider that in the end I'd need PT_GNU_STACK to do
>>everything PaX wants
>
>
> why?
> Why not have independent flags for independent things?
> That way you have both cleanness of design and you don't break a
>
> You need to consider that in the end I'd need PT_GNU_STACK to do
> everything PaX wants
why?
Why not have independent flags for independent things?
That way you have both cleanness of design and you don't break anything.
> The point is
> to not break anything, yet to still make things easie
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Brandon Hale wrote:
>>>actually Linus was really against adding non-related things to this
>>>flag. And I think he is right...
>>>
>
>
> Makes sense to me.
>
>
[...]
>
> IMO you have this backwards, John. Rather than having the majority (ES,
> > actually Linus was really against adding non-related things to this
> > flag. And I think he is right...
> >
Makes sense to me.
> I'm not interested in altering and hacking up PT_GNU_STACK; PT_PAX_FLAGS
> already supplies enough to do what I want. My goal is to have
> PT_PAX_FLAGS code in m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
> On Mon, 2005-03-28 at 13:50 -0500, John Richard Moser wrote:
>
>>-BEGIN PGP SIGNED MESSAGE-
>>Hash: SHA1
>>
>>
>>
>>Arjan van de Ven wrote:
>>
As I understand, PT_GNU_STACK uses a single marking to control wheth
On Mon, 2005-03-28 at 13:50 -0500, John Richard Moser wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
>
> Arjan van de Ven wrote:
> >>As I understand, PT_GNU_STACK uses a single marking to control whether a
> >>task gets an executable stack and whether ASLR is applied to the
> >>exe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arjan van de Ven wrote:
>>As I understand, PT_GNU_STACK uses a single marking to control whether a
>>task gets an executable stack and whether ASLR is applied to the
>>executable.
>
>
> you understand wrongly.
>
> PT_GNU_STACK just sets the exec p
> As I understand, PT_GNU_STACK uses a single marking to control whether a
> task gets an executable stack and whether ASLR is applied to the
> executable.
you understand wrongly.
PT_GNU_STACK just sets the exec permission for the stack (and the heap
now mirrors the stack). Nothing more nothing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings.
Currently I'm in need of some information about both vanilla and Exec
Shield kernels in regards to markings emitted by the toolchain,
specifically PT_GNU_STACK. I'd like to check my assumptions, in
preparation for possibly making a non-int
15 matches
Mail list logo
