On 19 Nov 2007 at 11:38, RB wrote:

> > And how about PaX? Is it really so unlikely to be necessary on PC or
> > laptop for personal use?
>
> Not unlikely, but it presumes a compromised local account

actually it assumes the exact opposite as it's a protection mechanism
against remote attacks, not local ones. in fact, there's no protection
on the planet that will prevent an untrusted local user from elevating
privileges (because there's no generic solution against real life bugs
in the TCB itself).

as for why you want PaX on a desktop: not only because since day one
that was my primary use case (not servers, believe it or not), but
because client side attacks against browsers, mail/VOIP/IM/etc clients
are very real in today's internet.

> but some of its controls may interfere with the operation of virtual
> machines.

only KERNEXEC should (and even that is fixable if someone's so inclined).

--
gentoo-hardened@g.o mailing list