I just read that PaX, Linux’s version of OpenBSD’s W^X and Windows XP SP2’s DEP, has a vulnerability that allows privilege escalation—pretty damning for something that’s supposed to dramatically improve security, cutting down the possibility of egregious buffer overflows.
This is a spectacular [mess]up, it pretty much destroys what PaX has
always stood and been trusted for. For this and other reasons, PaX
will be terminated on 1st April, 2005, a fitting date… Brad Spengler
offered to take it up but if you’re interested in helping as well,
contact pageexec freemail hu
I thought the ironic turn of events (security patches introducing egregious security problems) was interesting, but I’m sad to see PaX go—hopefully the project won’t die the fiery death its maintainer intends.
