[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Executable memory: further programs that fail



On Fri, 2003-11-21 at 20:33, Karl DeBisschop wrote:

> I prefer to default to the more secure mode, as is currently the case.
> 
> Not based on utility or quality of the failing programs - in fact I have
> some commercial programs I cannot get away from that almost to a
> certainty will require running without execshield. I just prefer to
> default to the more secure stance. 
> 
> Either way, I will need to change some settings. But I'd prefer to find
> at the start out because my app doesn't run, rather than at 3 in the AM
> when my server has become owned and is launching a DDOS at the other
> servers in the cluster.
> 
> Just my $0.02 worth.

One more program: xsb prolog

So is it alright to include in Fedora packages that require exec-shield
to be turned off? Should there be a wrapper-script that calls the main
executable with 'setarch'?
What I want to say is, that requiring everyone with problematic programs
to adapt to exec-shield is not possible, and including software that
simply doesn't work on a default setup isn't either. Simply ignoring
this software isn't going to boost Fedora's popularity.

-- 
Gérard Milmeister
Tannenrauchstrasse 35
8038 Zürich
gemi bluewin ch




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]