upstream exec-shield git tree
Kees Cook
kees at ubuntu.com
Wed Nov 10 16:30:31 UTC 2010
Hi Ingo,
On Wed, Nov 10, 2010 at 09:00:10AM +0100, Ingo Molnar wrote:
> * Kees Cook <kees at ubuntu.com> wrote:
> > On Tue, Nov 09, 2010 at 10:54:51AM -0800, Kees Cook wrote:
> >
> > > I suspect another factor may be that paxtest can give inconsistent output when
> > > doing the ASLR test.
> >
> > Actually, in looking at paxtest, it's reporting correctly. I'm not sure what other
> > patches are in the Fedora kernel, but it seems like while Ubuntu's entropy with
> > ascii-armor aslr is bad, Fedora's is even worse.
>
> There used to be some anti-Fedora PR in paxtest circles (which we can ignore), but
> where the tool reported numbers i always found it to be accurate (which we shouldn't
> ignore).
Yeah, that's why I replicated it externally, just to allay any fears about
paxtest itself.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the kernel
mailing list