| 1 |
On 19 Nov 2007 at 11:38, RB wrote: |
| 2 |
|
| 3 |
> > And how about PaX? Is it really so unlikely to be necessary on PC or |
| 4 |
> > laptop for personal use? |
| 5 |
> |
| 6 |
> Not unlikely, but it presumes a compromised local account |
| 7 |
|
| 8 |
actually it assumes the exact opposite as it's a protection mechanism |
| 9 |
against remote attacks, not local ones. in fact, there's no protection |
| 10 |
on the planet that will prevent an untrusted local user from elevating |
| 11 |
privileges (because there's no generic solution against real life bugs |
| 12 |
in the TCB itself). |
| 13 |
|
| 14 |
as for why you want PaX on a desktop: not only because since day one |
| 15 |
that was my primary use case (not servers, believe it or not), but |
| 16 |
because client side attacks against browsers, mail/VOIP/IM/etc clients |
| 17 |
are very real in today's internet. |
| 18 |
|
| 19 |
> but some of it's controls may interfere with the operation of virtual |
| 20 |
> machines. |
| 21 |
|
| 22 |
only KERNEXEC should (and even that is fixable if someone's so inclined). |
| 23 |
|
| 24 |
|
| 25 |
-- |
| 26 |
gentoo-hardened@g.o mailing list |
Archives