1 |
Hi, |
2 |
|
3 |
On 5/2/07, atoth@××××××××××.hu <atoth@××××××××××.hu> wrote: |
4 |
> I was about to install maxima on two boxes - both of them are |
5 |
> Hardened/Grsec with the pie-ssp toolchain and PaX. |
6 |
> Since maxima needs a Common Lisp implementation, I would have to install |
7 |
> one of them. I didn't succeded: clisp and cmucl fails with various errors. |
8 |
> It seems to me, that both of these are related to the hardened features of |
9 |
> the machines. The third available option is sbcl, which explicitly |
10 |
> instructs hardened users to switch to vanilla profile in order to achieve |
11 |
> a succesful installation. |
12 |
> |
13 |
> Are there any possibilities for hardened users for a common lisp |
14 |
> implementation without lowering the security measures of their systems? |
15 |
> |
16 |
|
17 |
All this hardened setups live in "tradicional C world" were data and |
18 |
code are two separate things. |
19 |
They enforce that quite heavily... |
20 |
|
21 |
In LISP, data and code are one and the same, so all hardened profiles |
22 |
believe that any LISP environment is "violating" simple principles |
23 |
such has"executing data". |
24 |
|
25 |
Having heap and stack without execution permissions invalidate the use |
26 |
of LISP .. since it needs do execute data. |
27 |
|
28 |
I've don't recall being able to use lisp on setups where the process |
29 |
heap is not executable. But I could be proven wrong... |
30 |
|
31 |
Best regards, |
32 |
|
33 |
> Regards, |
34 |
> Dw. |
35 |
> |
36 |
> -- |
37 |
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962 |
38 |
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962 |
39 |
> |
40 |
> |
41 |
> |
42 |
> -- |
43 |
> gentoo-hardened@g.o mailing list |
44 |
> |
45 |
> |
46 |
|
47 |
|
48 |
-- |
49 |
Miguel Sousa Filipe |
50 |
-- |
51 |
gentoo-hardened@g.o mailing list |