On Mon, May 7, 2007 12:08, pageexec@××××××××.hu wrote:
> On 3 May 2007 at 14:47, Miguel Sousa Filipe wrote:
>
>> In LISP, data and code are one and the same, so all hardened profiles
>> believe that any LISP environment is "violating" simple principles
>> such as "executing data".
>>
>> Having heap and stack without execution permissions invalidates the use
>> of LISP .. since it needs to execute data.
>>
>> I don't recall being able to use lisp on setups where the process
>> heap is not executable. But I could be proven wrong...
>
> runtime code generation is very well possible under hardened setups,
> it's just that it must be enabled explicitly for the apps that need
> it, it's no longer granted by default. on gentoo/PaX setups you'd
> use paxctl -m which is normally done by the ebuild, see e.g., java.
>
> however there're programs which need this exemption during build
> already - that case requires more work to handle as we have to
> figure out where and how to patch the build system of the given
> package. there're also issues with text relocations, some of which
> require serious programming work to fix (see e.g., bug 134403).
I'm aware of these difficulties. That's why I've already abandoned this
idea. At least for some time.

Regards,
Dw.

--
dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962

--
gentoo-hardened@g.o mailing list
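
An added example, not part of the original thread: a small C check for the restriction discussed above, which probes whether a writable anonymous page may be made executable (the transition a Lisp or JIT runtime needs) and reads the process's MPROTECT flag. It assumes the `PaX:` line that PaX kernels add to `/proc/<pid>/status`, with `M` meaning enforced and `m` meaning exempted (as after `paxctl -m`); the function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Map a writable anonymous page, then ask the kernel to make it executable.
 * Returns 1 if the change was allowed, 0 if it was refused (as PaX MPROTECT
 * does for non-exempted binaries), -1 if the initial mmap failed. */
int probe_rw_to_rx(void)
{
    size_t len = 4096;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int allowed = (mprotect(p, len, PROT_READ | PROT_EXEC) == 0);
    munmap(p, len);
    return allowed;
}

/* Parse the text of /proc/<pid>/status. Returns 1 if the PaX line carries
 * 'M' (MPROTECT enforced), 0 if it carries 'm' (exempted), and -1 if there
 * is no PaX line at all (non-PaX kernel) or no M/m flag in it. */
int pax_mprotect_enforced(const char *status)
{
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "PaX:", 4) == 0) {
            for (const char *c = line + 4; *c && *c != '\n'; c++) {
                if (*c == 'M') return 1;
                if (*c == 'm') return 0;
            }
            return -1;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    printf("PaX MPROTECT flag: %d, RW->RX allowed: %d\n",
           pax_mprotect_enforced(buf), probe_rw_to_rx());
    return 0;
}
```

Building this once as-is and once after marking the binary with `paxctl -m` on a PaX kernel shows the two outcomes side by side.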