article on security of various linux
gmaxwell at gmail.com
Thu Sep 9 14:30:57 UTC 2010
On Thu, Sep 9, 2010 at 9:45 AM, Neal Becker <ndbecker2 at gmail.com> wrote:
> This article:
> seems to say that fedora is ranking poorly in deployment of various
> userspace memory protection mechanisms. Is this information accurate?
I asked about one point of this on LWN:
Library randomization / prelink
Posted Sep 8, 2010 18:26 UTC (Wed) by gmaxwell (subscriber, #30048) [Link]
Anyone know how the library randomization is being counted? 3 bits for
fedora doesn't sound right. Is the 3 bits the value for a system vs
itself or for this system vs all other systems?
To which I got this reply:
Posted Sep 8, 2010 19:58 UTC (Wed) by kbad (subscriber, #61983) [Link]
From the pax dev (gentoo-hardened list):
"a note here: fedora uses exec-shield which maps libraries in two different
regions: ascii-armor (lower 16MB) and the rest. i think what paxtest
measured there is the former where the usable entropy is necessarily
less than elsewhere and may not be representative of real life apps
and their address spaces (not saying the whole ascii-armor region is
worth anything for security though ;)"
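
An added example, not part of the original message and not paxtest's code: one simple way to count randomization bits from sampled library base addresses, reported separately for the ascii-armor region (lower 16MB) and for everything else. The sample addresses are constructed, and the 4 KiB page size and the bit-span estimator are assumptions.

```python
# Added example: the addresses below are constructed, not measured on any system.
ASCII_ARMOR_LIMIT = 16 * 1024 * 1024  # "lower 16MB" from the quoted note
PAGE_SHIFT = 12                       # assumption: 4 KiB pages


def varying_bits(addresses):
    """Width of the span of address bits that are not constant across samples."""
    all_and, all_or = -1, 0
    for addr in addresses:
        all_and &= addr   # bits set in every sample
        all_or |= addr    # bits set in at least one sample
    diff = all_and ^ all_or
    if diff <= 0:         # no samples, or every sample identical
        return 0
    lowest = (diff & -diff).bit_length() - 1
    return diff.bit_length() - lowest


def bits_by_region(addresses):
    """Estimate the two mapping regions separately instead of pooling them."""
    armor = [a for a in addresses if a < ASCII_ARMOR_LIMIT]
    rest = [a for a in addresses if a >= ASCII_ARMOR_LIMIT]
    return {"ascii_armor": varying_bits(armor), "rest": varying_bits(rest)}


def armor_ceiling_bits():
    """Upper bound for the 16MB region: log2 of its page-aligned slots."""
    return (ASCII_ARMOR_LIMIT.bit_length() - 1) - PAGE_SHIFT


# Constructed base addresses of one library across eight hypothetical runs.
SAMPLES = [
    0x00110000, 0x00120000, 0x00150000, 0x00170000,  # below 16MB
    0xB7512000, 0xB75A7000, 0xB7630000, 0xB76E9000,  # above 16MB
]

if __name__ == "__main__":
    print(bits_by_region(SAMPLES), "armor ceiling:", armor_ceiling_bits())
```

A figure taken from only one of the two regions says nothing about the other, which is why the per-region split matters when comparing distributions.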