Fwd: LSM patch for Linux-2.4.20-8

From: Rogelio Serrano (rogelio.serrano@private)
Date: Thu Jan 20 2005 - 17:08:17 PST


Apologies to Crispin. I should have replied to the list.


---------- Forwarded message ----------
From: Rogelio Serrano <rogelio.serrano@private>
Date: Fri, 21 Jan 2005 09:06:28 +0800
Subject: Re: LSM patch for Linux-2.4.20-8
To: Crispin Cowan <crispin@private>


On Fri, 21 Jan 2005 09:05:25 +0800, Rogelio Serrano
<rogelio.serrano@private> wrote:
> [snipped...]
> > As Valdis points out, the OWLSM module does not implement the
> > non-executable stack feature, and there is no way that LSM could ever
> > let you implement a module that would provide the non-executable stack
> > feature. It is outside the scope of LSM's goal. LSM is there to provide
> > an API for access control modules.
> >
> > Crispin
> >
> [snipped...]
>
> Yes, that's right. You need to get the non-LSM OWL patch and extract the
> non_executable stack code or you can try the pax or openpax patches.
>
> The problem with these schemes is that they hide bugs.
>

Is there a way to have this kind of protection without hiding bugs?
Maybe the audit framework can help?


--
Blood is thicker than water... and much tastier
                                           John Davidorff Pell




