Totally unrealistic. Think: "do you want to install this program? Yes/No?" Security is more than memory corruption exploits prevention...
the whole point of PaX is that you *can* click any OK button without getting owned. not there yet but close :).
5
16
33
and PaX is more than memory corruption prevention. think grsec, sandboxes, etc. it's just not me who does all the work ;).
1
3
Do you really think you can solve the "user can click anything" problem, while still offering general purpose computing?
1
Replying to @rootkovska
sure, that's the whole raison d'etre of my work.

Oct 1, 2016 · 5:28 PM UTC

3
2
Replying to @paxteam @rootkovska
kernel hardening is mandatory but at one point you need userspace work too
1
size overflow, RAP, etc work in userland too and we're not done yet ;).
1
Replying to @paxteam
I think you ignore the fact that some developers might create intentionally malicious programs, not just incidentally buggy.
1
they have the same computing power. that's where unbreakable sandboxes come into the picture. the race's on ;).
1
Replying to @paxteam @rootkovska
wether rbac, a lam, a full virt layer or something else