grub-devel

Re: GRUB2 Build on Mac OS X


From: Peter Jones
Subject: Re: GRUB2 Build on Mac OS X
Date: Sat, 10 Dec 2005 13:52:41 -0500

On Sat, 2005-12-10 at 01:23 +0100, Yoshinori K. Okuji wrote:
> On Saturday 10 December 2005 12:32 am, Marco Gerards wrote:
> > Anyways, my primary concerns are making things work and moving
> > forwards to something that is releasable.  Making GRUB work in a way
> > so it works like everyone wants is secondary and not possible in
> > practice.  Paranoid security is secondary to me, but if we can get it
> > for free without making a mess of the code, that would be great.
> 
> Paranoid is called paranoid, because it is a disease. Many people tend to 
> forget that things are always based on a tradeoff. If such an attempt as 
> prohibiting all executable stacks is merely paranoid, we should not care 
> about it.

Except NX isn't just paranoid.  In Fedora Core 3, 43% of our
vulnerabilities did not apply to systems on which the hardware supported
non-executable stacks.

It's not a trivial number, and it wasn't all things that you could
predict without using some "hypothetical" examples.

Anyway, I certainly can't make you change the way you're doing
something.  I can say that if upstream GRUB 2 requires executable stacks
in userland (post-boot) processes, then neither Fedora Core nor RHEL can
ship anything very close to the upstream version of GRUB 2, because we
very seriously consider this practice to be a major security problem.

-- 
  Peter




