Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 May 2012 12:09:27 +0800
From: Eugene Teo <eugeneteo@...il.com>
To: Solar Designer <solar@...nwall.com>
Cc: owl-dev@...ts.openwall.com, Petr Matousek <pmatouse@...hat.com>
Subject: Re: [GSoC] featues to port

On Thu, May 3, 2012 at 12:17 AM, Solar Designer <solar@...nwall.com> wrote:

> Vasily, Eugene, Petr, all -
>
> On Wed, May 02, 2012 at 07:28:06PM +0400, Vasily Kulikov wrote:
> > On Tue, May 01, 2012 at 08:17 +0400, Solar Designer wrote:
> > > Specifically, we want better support for exec_shield enforcing mode.
> > > RHEL5/6 kernels already support exec_shield=2 for this, but glibc would
> > > do an mprotect() +x anyway - so we were considering a way to inform
> > > glibc of this setting in the kernel, and indeed we'd need to patch
> glibc
> > > to recognize that.  Specifically, my suggestion was to use AT_FLAGS.
> >
> > I agree it can be AT_FLAGS.  But is it convenient for RH folks?
>
> Eugene, Petr - any comments?
>
> Vasily - maybe locate and post some links to most-relevant messages from
> kernel-hardening to help Eugene and Petr consider this?
>

I would prefer that we file a bug for this one, and post the information
there. Let me know the bug #..

Take note that we are extremely busy of late, so our replies may delay....

Eugene

[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ