Re: about buffer overflow.

Barry K. Nathan (barryn@pobox.com)
Sun, 18 May 2003 23:22:24 -0700


On Mon, May 19, 2003 at 03:00:47AM +0300, Halil Demirezen wrote:
> yes that is interesting, however, what i want to learn, clearly, is
> this patch available from 2.4.20-rc1 at every default linux kernel
> from this moment on?

It (ExecShield0 is *not* in the mainline kernel at this time. I don't
know when (or even if) it'll be added to the mainline kernels either.

Red Hat's Rawhide kernels (2.4.20-1.1990 for example) seem to have it,
but those are experimental kernels that are not for production use. I
guess time will tell whether Red Hat ships ExecShield by default in
their next release.

BTW, another option is the pageexec ("PaX") patch:
http://pageexec.virtualave.net/ (warning: this page has pop-up windows)

and that's integrated into a more comprehensive security patch,
grsecurity:
http://www.grsecurity.net/

-Barry K. Nathan <barryn@pobox.com>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/