Date: Thu, 27 Oct 2005 20:17:02 +0000 From: db <db@traceroute.dk> To: Jimmy Scott <jimmy@inet-solutions.be>, freebsd-security@freebsd.org Subject: Re: Non-executable stack Message-ID: <200510272017.02565.db@traceroute.dk> In-Reply-To: <20051027195842.GA19013@ada.devbox.be> References: <200510270608.51571.db@traceroute.dk> <200510271511.36004.db@traceroute.dk> <20051027195842.GA19013@ada.devbox.be>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 27 October 2005 19:58, you wrote: > > Ok thanks, but I was looking for a kernel level patch. Btw which ports > > will break? > > I did not keep a list, but as far as I remember, the 'pure-pw' binary > from pure-ftpd was the last thing that failed. Because it was not > visible in first place (the port builded fine), I decided the risk of > breaking things without noticing it was not worth it. Ok, I was planing on using pure-ftpd. > I don't mean that it's a bad thing, but it will cost you some time to > find the bugs, report the bugs and get them fixed. And if you are > willing to use it in a production environment, you have to fully test > the software eacht time you are upgrading to be sure things will not > break. It's also not officially supported as far as I know. I'm not a kernel hacker and only have access to ia32, so I can't help develop or test it, but I hope someone with the right skills and means also think it's about time we give the admins and users the option of a non-executable stack (and heap). If I can help in any way I will. Maybe my next computer will be an AMD64, I think it must be the cheapest of the platforms with hardware support for execute and read permission distinction on memory? Best regards db
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510272017.02565.db>