Re: [Announcement] "Exec Shield", new Linux security feature

Ingo Molnar (mingo@redhat.com)
Fri, 2 May 2003 13:32:20 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Carl-Daniel Hailfinger: "Re: Did the SCO Group plant UnixWare source in the Linux kernel?"
Previous message: John Jasen: "Re: Did the SCO Group plant UnixWare source in the Linux kernel?"
In reply to: Arjan van de Ven: "Re: [Announcement] "Exec Shield", new Linux security feature"

On 2 May 2003, Arjan van de Ven wrote:

> > Ingo, do you want protection against shell code injection ? Have the
> > kernel to assign random stack addresses to processes and they won't be
> > able to guess the stack pointer to place the jump. I use a very simple
> > trick in my code :
>
> stack randomisation is already present in the kernel, in the form of
> cacheline coloring for HT cpus...

we could make it even more prominent than just coloring, to introduce the
kind of variability that Davide's approach introduces. It has to be a
separate patch obviously. This would further reduce the chance that a
remote attack that has to guess the stack would succeed on a random box.

Ingo

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Carl-Daniel Hailfinger: "Re: Did the SCO Group plant UnixWare source in the Linux kernel?"
Previous message: John Jasen: "Re: Did the SCO Group plant UnixWare source in the Linux kernel?"
In reply to: Arjan van de Ven: "Re: [Announcement] "Exec Shield", new Linux security feature"