On Thu, Sep 9, 2010 at 9:45 AM, Neal Becker <ndbecker2@xxxxxxxxx> wrote:
> This article:
>
> http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/
>
> seems to say that fedora is ranking poorly in deployment of various
> userspace memory protection mechanisms. Is this information accurate?

I asked about one point of this on LWN:

Library randomization / prelink
Posted Sep 8, 2010 18:26 UTC (Wed) by gmaxwell (subscriber, #30048)

Anyone know how the library randomization is being counted? 3 bits for fedora doesn't sound right. Is the 3 bits the value for a system vs itself or for this system vs all other systems?

To which I got this reply:

Posted Sep 8, 2010 19:58 UTC (Wed) by kbad (subscriber, #61983)

From the pax dev (gentoo-hardened list):

"a note here: fedora uses exec-shield which maps libraries in two different regions: ascii-armor (lower 16MB) and the rest. i think what paxtest measured there is the former where the usable entropy is necessarily less than elsewhere and may not be representative of real life apps and their address spaces (not saying the whole ascii-armor region is worth anything for security though ;)"
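
Added example (not part of the original message, and not paxtest's code): one way to check the point in the quoted reply is to group a library's load addresses by region before estimating randomization, here by counting the address bits that vary across runs. The maps excerpts, the addresses and the `libexample.so` name are constructed for illustration.

```python
ASCII_ARMOR_LIMIT = 0x01000000  # "lower 16MB", as described in the quoted reply

def library_base(maps_text, name):
    """Lowest mapping start of the file whose path contains `name`, or None."""
    starts = [int(f[0].split("-")[0], 16)
              for f in (line.split() for line in maps_text.splitlines())
              if len(f) >= 6 and name in f[5]]
    return min(starts) if starts else None

def varying_bits(addresses):
    """Number of address bits that differ across the samples (observed only)."""
    all_or, all_and = 0, ~0
    for a in addresses:
        all_or |= a
        all_and &= a
    return bin(all_or & ~all_and).count("1")  # set in some samples, not in all

def bits_by_region(runs, name):
    """Group one library's base addresses by region, then count varying bits."""
    regions = {}
    for maps_text in runs:
        base = library_base(maps_text, name)
        if base is None:
            continue
        key = "ascii-armor" if base < ASCII_ARMOR_LIMIT else "other"
        regions.setdefault(key, []).append(base)
    return {key: varying_bits(bases) for key, bases in regions.items()}

# Constructed /proc/<pid>/maps excerpts from four runs of one 32-bit program.
# All addresses are made up; libexample.so is a hypothetical library.
RUNS = [
    "00110000-00265000 r-xp 00000000 fd:00 101 /lib/libc-2.12.so\n"
    "b75a2000-b75b0000 r-xp 00000000 fd:00 102 /usr/lib/libexample.so\n",
    "003a4000-004f9000 r-xp 00000000 fd:00 101 /lib/libc-2.12.so\n"
    "b2710000-b271e000 r-xp 00000000 fd:00 102 /usr/lib/libexample.so\n",
    "0027c000-003d1000 r-xp 00000000 fd:00 101 /lib/libc-2.12.so\n"
    "b6c39000-b6c47000 r-xp 00000000 fd:00 102 /usr/lib/libexample.so\n",
    "00195000-002ea000 r-xp 00000000 fd:00 101 /lib/libc-2.12.so\n"
    "b1e8d000-b1e9b000 r-xp 00000000 fd:00 102 /usr/lib/libexample.so\n",
]

if __name__ == "__main__":
    for lib in ("libc", "libexample"):
        print(lib, bits_by_region(RUNS, lib))
```

With only a handful of runs the count reflects the bits seen to change, so real measurements need many more samples per library.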