Executable memory: further programs that fail
Gerard Milmeister
gemi at bluewin.ch
Sat Nov 22 17:08:39 UTC 2003
On Fri, 2003-11-21 at 20:33, Karl DeBisschop wrote:
> I prefer to default to the more secure mode, as is currently the case.
>
> Not based on utility or quality of the failing programs - in fact I have
> some commercial programs I cannot get away from that almost to a
> certainty will require running without execshield. I just prefer to
> default to the more secure stance.
>
> Either way, I will need to change some settings. But I'd prefer to find
> at the start out because my app doesn't run, rather than at 3 in the AM
> when my server has become owned and is launching a DDOS at the other
> servers in the cluster.
>
> Just my $0.02 worth.
One more program: xsb prolog
So is it alright to include in Fedora packages that require exec-shield
to be turned off? Should there be a wrapper-script that calls the main
executable with 'setarch'?
What I want to say is, that requiring everyone with problematic programs
to adapt to exec-shield is not possible, and including software that
simply doesn't work on a default setup isn't either. Simply ignoring
this software isn't going to boost Fedora's popularity.
--
Gérard Milmeister
Tannenrauchstrasse 35
8038 Zürich
gemi at bluewin.ch
More information about the devel
mailing list