On Thu, May 27, 2010 at 11:43:47AM -0700, Roland McGrath wrote:
> The "x86: brk away from exec rand area" patch
represents a fix to a real
> problem, though, so at the very least, please review that one. It's a
> corner case only for PIE, but it does happen. There might be a more
> elegant solution, but my patch seems to do the job.
Ok. I think this should be reviewed in the normal upstream way, with x86
maintainers CC'd, not just by us.
I actually don't care about the details of the knobs at all. I
that one knob called "exec-shield" is indefensibly random and unhelpful.
You need to work this out with Ingo and the other x86 maintainers. Other
Fedora kernel folks might have some input based on concrete concerns from
the past. Personally, I've never had a use for any of these knobs.
The only time I recall them ever being useful was when execshield was in
development, and we'd get users to disable certain features to try and determine
which was failing. These days, I bet no-one ever touches the knobs.