[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Executable memory: further programs that fail



On Fri, 2003-11-21 at 13:09, Gerard Milmeister wrote:

> and I expect quite a number of other programs.
> If a program works flawlessly on Debian, SUSE, Mandrake etc...
> but doesn't on Fedora, I would consider this an incompatibility or, some
> might even say, a bug. I propose to disable exec-shield by default,
> however the feature may otherwise be, and giving the user (via a GUI
> perhaps) the option to "harden" the system. Maybe when exec-shield is
> incorporated into the standard kernel, and other distributions use it,
> and thereby software developers are forced to adapt their programs, it
> could be switched on by default. Maybe some of you will say, that the
> failing programs are not widely used anyway or are old, or both, imagine
> someone wanting to use them and asking themselves why it does work on
> Debian, ... but not on Fedora, and coming to obvious conclusions.

I prefer to default to the more secure mode, as is currently the case.

Not based on utility or quality of the failing programs - in fact I have
some commercial programs I cannot get away from that almost to a
certainty will require running without execshield. I just prefer to
default to the more secure stance. 

Either way, I will need to change some settings. But I'd prefer to find
at the start out because my app doesn't run, rather than at 3 in the AM
when my server has become owned and is launching a DDOS at the other
servers in the cluster.

Just my $0.02 worth.

-- 
Karl DeBisschop <kdebisschop alert infoplease com>
Pearson Education/Information Please




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]