Stack-Smash Protector

dagmar at speakeasy.net
Mon Sep 30 16:29:12 PDT 2002


On Mon, 30 Sep 2002, Ivo Bitter wrote:

> On Mon, Sep 30, 2002 at 07:52:36PM +0100, Ian Molton wrote:
> > On Mon, 30 Sep 2002 03:54:59 +0000 (UTC)
> > dagmar at speakeasy.net wrote:
> >
> > >
> > > POSIX compliance dictates that the stack should be executable.  This
> > > is, of course, intensely obnoxious,
> >
> > Hadn't realised that. Shocking.
> >
> > I wonder if it's possible to disable that in the kernel. Shouldn't be
> > hard, even if there is no option...
>
> The grsecurity patch (see www.grsecurity.net) has a non-executable
> stack option. I think the openwall patches have something similar for
> 2.2 kernels.

On bastion hosts I go with 2.2.x kernels for that very reason.  The
OpenWall patches have been through a LOT more testing and use than the
grsecurity patch for 2.4.x kernels.  OpenWall's patch used to be referred
to as the Solar Designer patch.  :)  It's been around a loooong time.




More information about the lfs-security mailing list