spyro at f2s.com
Mon Sep 30 14:06:58 PDT 2002
On Mon, 30 Sep 2002 19:34:10 +0000 (UTC)
ivo at primerelay.net (Ivo Bitter) wrote:
> > I wonder if it's possible to disable that in the kernel. Shouldn't be
> > hard, even if there is no option...
> The grsecurity patch (see www.grsecurity.net) has a non-executable
> stack option. I think the openwall patches have something similar for
> 2.2 kernels.
Erk. The cure sounds worse than the disease...
Quote below from the patch...
+ This will also break programs that rely on the old behaviour and
+ expect that dynamically allocated memory via the malloc() family
+ of functions is executable (which it is not). Notable examples
+ are the XFree86 4.x server, the java runtime and wine.
+ NOTE: you can use the 'chpax' utility to enable/disable this
+ feature on a per file basis. chpax is available at
+Paging based non-executable pages
+ This implementation is based on the paging feature of the CPU
+ and has a variable performance impact on applications depending
+ on their memory usage pattern. You should carefully evaluate
+ your applications before using this feature in production.
+Segmentation based non-executable pages
+ This implementation is based on the segmentation feature of the
+ CPU and has little performance impact, however applications will
+ be limited to a 1.5 GB address space instead of the normal 3 GB.
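Review bot: the parenthetical "(which it is not)" in the first help entry is ambiguous. It can be read as saying malloc() memory was never executable, when the surrounding sentence means it stops being executable once this option is enabled; wording such as "which it no longer is with this option enabled" would remove the doubt. In the same entry, the sentence "chpax is available at" ends without naming a location in the lines quoted here, so the help text should either give the location or drop the clause. The paging entry asks users to "carefully evaluate" applications but gives no hint of which memory usage patterns cost the most, and the segmentation entry states the 1.5 GB limit without saying how an application that needs more address space will fail; one sentence on each would make the trade-off between the two options easier to judge from the help text alone.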