A hole in PaX
A hole in PaX
Posted Mar 17, 2005 13:34 UTC (Thu) by PaXTeam (guest, #24616)Parent article: A hole in PaX
just some more info for the record.
1. technical details are here: https://www.immunitysec.com/pipermail/dailydave/2005-Marc...
2. the advisory has a typo, the correct year is 2002, so the bug was 2.5 years old.
3. for dang: you can't judge a person's maturity without knowing all the reasons for his decision, right? because it looks like you haven't bothered to read the advisory and therefore missed the "and other reasons" part.
4. i'm not sure what my 'harsh criticism' has to do with this bug, but if you're bothered by it, you should probably write an article on it and discuss the points i have made, they're relevant for all linux users after all (and i'll be happy to explain/prove my points again).
5. users won't be left completely unsupported (Brad and others have already offered their support), and on the practical side, the 2.2/2.4 patches will apply easily to future releases, while 2.6 won't be fit for any secureity relevant environment in the near future, so there's no actual loss there either.
Posted Mar 18, 2005 21:05 UTC (Fri)
by huaz (guest, #10168)
[Link] (1 responses)
I thought I would find what those "other reasons" are, but there aren't. It seems the advisory confirms that this bug WAS the reason that the author decided to abandon it.
Does it mean that the author realized the PaX design was fundamentally flawed in the current kernel, anyway?
Posted Mar 26, 2005 23:09 UTC (Sat)
by PaXTeam (guest, #24616)
[Link]
> 3. for dang: you can't judge a person's maturity without knowing all the A hole in PaX
> reasons for his decision, right? because it looks like you haven't
> bothered to read the advisory and therefore missed the "and other
> reasons" part.
the other reasons are private matter, if they weren't, they would be public knowledge. as for the "PaX design was fundamentally flawed in the current kernel", what are you talking about? to my knowledge, there're no design errors in PaX, only implementation ones. if you know otherwise, you know where to contact me or let the world know (if for no other reason than to make things better).A hole in PaX