[Secure-testing-team] debconf9
Moritz Muehlenhoff
jmm at inutil.org
Tue Jul 28 08:49:57 UTC 2009
On Mon, Jul 27, 2009 at 11:23:58PM -0400, Michael S. Gilbert wrote:
> On Mon, 27 Jul 2009 12:05:35 +1000 Steffen Joeris wrote:
> - execshield or grsecurity by default to harden the kernel. i brought
> this up to the kernel team, but they consider it to be a hinderance and
> undesirable since it is non-vanilla. however, it would be very useful
> since, for example, fedora was immune to the /dev/mem rootkit issue due
> to their use of execshield. maybe Dann Frazier would have
> interest/clout to push for this?
The NX emulation bits of exec_shield cannot be sensibly merged into the
Debian kernel and the rest has been merged into mainline more or less.
It's only affecting legacy i386 CPUs anyway.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list