Re: Non-executable stack

From: Jimmy Scott (jimmy_at_inet-solutions.be)
Date: 10/27/05

  • Next message: Ruslan Ermilov: "Re: Is it feasible to cross-build compat5x binary?"
    Date: Thu, 27 Oct 2005 21:58:42 +0200
    To: db <db@traceroute.dk>
    
    
    

    On Thu, Oct 27, 2005 at 03:11:35PM +0000, db wrote:
    > On Thursday 27 October 2005 06:35, you wrote:
    >
    > > http://www.research.ibm.com/trl/projects/security/ssp/buildfreebsd.html
    > >
    > > The patch should be for 5.x in general, I don't use it anymore since some
    > > ports will break, if you play with it you can disable it by default and
    > > enable it explicit when you are willing to compile a binary with it.
    >
    > Ok thanks, but I was looking for a kernel level patch. Btw which ports will
    > break?
    >

    I did not keep a list, but as far as I remember, the 'pure-pw' binary
    from pure-ftpd was the last thing that failed. Because it was not
    visible in first place (the port builded fine), I decided the risk of
    breaking things without noticing it was not worth it.

    I don't mean that it's a bad thing, but it will cost you some time to
    find the bugs, report the bugs and get them fixed. And if you are
    willing to use it in a production environment, you have to fully test
    the software eacht time you are upgrading to be sure things will not
    break. It's also not officially supported as far as I know.

    Kind regards,
    Jimmy Scott

    -- 
    People usually get what's coming to them ... unless it's been mailed.
    
    



  • Next message: Ruslan Ermilov: "Re: Is it feasible to cross-build compat5x binary?"

    Relevant Pages