On Tue, Nov 09, 2010 at 09:48:03AM -0800, Kees Cook wrote:
Well, this makes it easy! Just take all my patches. ;) Seriously,
though,
I actually do care about this patchset since way too many people still have
crappy hardware or crappier BIOSes that disable NX, so I think this is
still important to keep around.
So, how about this as the current position:
- nx-emu only has value on 32bit when NX is unavailable
- ascii-armor only has utility when used with nx-emu
If we can agree on this, then Fedora and Ubuntu will be on the same page,
and we can share the same entire patchset (including my pending patch).
sounds ok to me.
On the subject of randomisation, this article..
http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2...
bugged me. Notably the discrepancy between Fedora and everyone else on the shlib test.
I didn't get around to testing whether this was a side-effect of the ascii-armor
patch.
I also couldn't reproduce the results the article author noted, on 32bit or 64bit,
but iirc, it was still lower than the results for everyone else.
any ideas for what could be the cause ?
Dave