Re: [Announcement] "Exec Shield", new Linux security feature

John Bradford (john@grabjohn.com)
Fri, 2 May 2003 19:29:38 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniele Bellucci: "FIX 2.4.20-2.4.21-rc1: comp. problems in find_task_by_pid, sys_capget, sys_ptrace, sys_tkill.."
Previous message: Linus Torvalds: "Re: Aic7xxx and Aic79xx Driver Updates"
Next in thread: David Mosberger: "Re: [Announcement] "Exec Shield", new Linux security feature"
Reply: David Mosberger: "Re: [Announcement] "Exec Shield", new Linux security feature"

> > > Ingo, do you want protection against shell code injection ? Have the
> > > kernel to assign random stack addresses to processes and they won't be
> > > able to guess the stack pointer to place the jump. I use a very simple
> > > trick in my code :
> >
> > stack randomisation is already present in the kernel, in the form of
> > cacheline coloring for HT cpus...
>
> we could make it even more prominent than just coloring, to introduce the
> kind of variability that Davide's approach introduces. It has to be a
> separate patch obviously. This would further reduce the chance that a
> remote attack that has to guess the stack would succeed on a random box.

Slightly off-topic, but does anybody know whether IA64 or x86-64 allow
you to make the stack non-executable in the same way you can on SPARC?

John.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniele Bellucci: "FIX 2.4.20-2.4.21-rc1: comp. problems in find_task_by_pid, sys_capget, sys_ptrace, sys_tkill.."
Previous message: Linus Torvalds: "Re: Aic7xxx and Aic79xx Driver Updates"
Next in thread: David Mosberger: "Re: [Announcement] "Exec Shield", new Linux security feature"
Reply: David Mosberger: "Re: [Announcement] "Exec Shield", new Linux security feature"