upstream exec-shield git tree
Dave Jones
davej at redhat.com
Tue Nov 9 18:05:06 UTC 2010
On Tue, Nov 09, 2010 at 09:48:03AM -0800, Kees Cook wrote:
> Well, this makes it easy! Just take all my patches. ;) Seriously, though,
> I actually do care about this patchset since way too many people still have
> crappy hardware or crappier BIOSes that disable NX, so I think this is
> still important to keep around.
>
> So, how about this as the current position:
>
> - nx-emu only has value on 32bit when NX is unavailable
> - ascii-armor only has utility when used with nx-emu
>
> If we can agree on this, then Fedora and Ubuntu will be on the same page,
> and we can share the same entire patchset (including my pending patch).
sounds ok to me.
On the subject of randomisation, this article..
http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/
bugged me. Notably the discrepancy between Fedora and everyone else on the shlib test.
I didn't get around to testing whether this was a side-effect of the ascii-armor patch.
I also couldn't reproduce the results the article author noted, on 32bit or 64bit,
but iirc, it was still lower than the results for everyone else.
any ideas for what could be the cause ?
Dave
More information about the kernel
mailing list