From: db
To: Jimmy Scott, freebsd-security@freebsd.org
Date: Thu, 27 Oct 2005 20:17:02 +0000
Subject: Re: Non-executable stack

On Thursday 27 October 2005 19:58, you wrote:
> > Ok thanks, but I was looking for a kernel level patch. Btw which ports
> > will break?
>
> I did not keep a list, but as far as I remember, the 'pure-pw' binary
> from pure-ftpd was the last thing that failed. Because it was not
> visible in the first place (the port built fine), I decided the risk of
> breaking things without noticing it was not worth it.

Ok, I was planning on using pure-ftpd.

> I don't mean that it's a bad thing, but it will cost you some time to
> find the bugs, report the bugs and get them fixed. And if you are
> willing to use it in a production environment, you have to fully test
> the software each time you are upgrading to be sure things will not
> break. It's also not officially supported as far as I know.

I'm not a kernel hacker and only have access to ia32, so I can't help develop
or test it, but I hope someone with the right skills and means also thinks it's
about time we give the admins and users the option of a non-executable stack
(and heap). If I can help in any way I will.

Maybe my next computer will be an AMD64; I think it must be the cheapest of the
platforms with hardware support for execute and read permission distinction on
memory?

Best regards
db