Date: Thu, 27 Oct 2005 20:17:02 +0000 From: db <db@traceroute.dk> To: Jimmy Scott <jimmy@inet-solutions.be>, freebsd-security@freebsd.org Subject: Re: Non-executable stack Message-ID: <200510272017.02565.db@traceroute.dk> In-Reply-To: <20051027195842.GA19013@ada.devbox.be> References: <200510270608.51571.db@traceroute.dk> <200510271511.36004.db@traceroute.dk> <20051027195842.GA19013@ada.devbox.be>
index | next in thread | previous in thread | raw e-mail
On Thursday 27 October 2005 19:58, you wrote: > > Ok thanks, but I was looking for a kernel level patch. Btw which ports > > will break? > > I did not keep a list, but as far as I remember, the 'pure-pw' binary > from pure-ftpd was the last thing that failed. Because it was not > visible in first place (the port builded fine), I decided the risk of > breaking things without noticing it was not worth it. Ok, I was planing on using pure-ftpd. > I don't mean that it's a bad thing, but it will cost you some time to > find the bugs, report the bugs and get them fixed. And if you are > willing to use it in a production environment, you have to fully test > the software eacht time you are upgrading to be sure things will not > break. It's also not officially supported as far as I know. I'm not a kernel hacker and only have access to ia32, so I can't help develop or test it, but I hope someone with the right skills and means also think it's about time we give the admins and users the option of a non-executable stack (and heap). If I can help in any way I will. Maybe my next computer will be an AMD64, I think it must be the cheapest of the platforms with hardware support for execute and read permission distinction on memory? Best regards dbhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510272017.02565.db>