Auteur: Neo Futur Datum: Aan: Martijn Dekkers CC: dng Onderwerp: Re: [Dng] with pax flags, Java works fine - (was Hardened Devuan)
> lets be clear, you d have to check for each and every new version of > each and every binary you ship to add this "allowed to skack exec or
> whatever other dirty memory trick" flag whenever the upstream added a
> bug or a backdoor.
also automatically adding this flag everywhere completely defeats the
purpose of those security patches, you just say "wow this program have
a backdoor, cool its allowed, dont even log that" to your grsec
kernel, why not ship a grsec kernel with no security options enabled
then ? or just use vanilla ;)