Re: submission about PaX linux support

----- Original Message -----
> Hello Dave,
> 
> I would like to send proposed patch set which can support
> PaX linux introduced at http://grsecurity.net/ over crash utility.
> 
> In previous thread, you said that it is important for current implementation
> not to be increased maintenance burden.
> 
> Then, I tolerably think to consider about them in my merge work with
> small modifications to current code as possible.
> But the reality is, there are several undesirable impacts which
> I made in this work.
> 
> So could you please check and make a conclusion from this patch set?
> (Details about the modifications are written in each patch file.)
> 
> Thanks,
> Toshi

Well, as I mentioned before, I'm not particularly interested in
supporting kernel features that are not merged upstream, and
I'm afraid that I'd be starting down a slippery slope by accepting
this patch.  

I'm curious as to whether there is a reason that their code has not
been accepted upstream?  Have they attempted to get their patch merged
and it was rejected?  Or have they not even tried because of technical
reasons?

Anyway, I readily admit that I don't understand what the kernel patch
and your patch do, and I appreciate the fact that you segregated *most* 
of the code with PAX() qualifiers.  But I don't understand the concept
behind the new NAMESPACE_PRELOAD/NAMESPACE_RESTORE, and why it should
be imposed on the normal kernel module handling -- can't you segregate
that code as well?

Also, that "gap" calculation is not restricted to PAX()-only?

And note that there is no modbuf leak in verify_module(), because
all GETBUF-allocations are freed prior to the next command by 
restore_sanity().  But it certainly doesn't hurt to call FREEBUF().

BTW, do line numbers work correctly with these kinds of modules?

Dave





> --------
> Toshikazu Nakayama (9):
>   add PaX linux staff from linux-2.6.27.
>   setup PaX module structure members and pseudos
>   manufacture module's dumping symbol data
>   use IN_MODULE macros for ec->st_value
>   define new namespace command to sort by per module order
>   verify PaX module RW area, also fix leak
>   catch apt module symbol
>   sharpen vague module data with found out section
>   RW for lowest or highest module virtual address
> 
>  defs.h    |   42 +++++++++++-
>  kernel.c  |   58 ++++++++++++++++-
>  symbols.c |  221 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------
>  3 files changed, 291 insertions(+), 30 deletions(-)
> 
> --
> Crash-utility mailing list
> Crash-utility@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/crash-utility
> 
