binkley n00b
Joined: 17 Dec 2002 Posts: 37 Location: Houston, TX
Posted: Wed May 21, 2003 2:51 pm Post subject: exec shield kernel patch for 2.4.21-rc1
From http://kt.zork.net/kernel-traffic/kt20030520_216.html#9:

Quote:
    The exec-shield feature provides protection against stack, buffer or function pointer overflows, and against other types of exploits that rely on overwriting data structures and/or putting code into those structures. The patch also makes it harder to pass in and execute the so-called 'shell-code' of exploits. The patch works transparently, i.e. no application recompilation is necessary.

The patch is against 2.4.21-rc1.

How does one suggest patches to the stock Gentoo kernel? This would be a very nice feature to have.
jondkent Apprentice
Joined: 26 Jul 2002 Posts: 289 Location: London
Posted: Wed May 21, 2003 3:55 pm Post subject:
I'd hope that you could apply this patch to the Gentoo kernel sources, but that depends upon what patches have been applied. I think there is a summary in the Kernel documentation.
Of course, if you really want it, you could download the vanilla kernel sources and patch that, plus any other patches you feel are useful.
MathFreak Apprentice
Joined: 07 Jul 2002 Posts: 217 Location: Bethlehem, PA
Posted: Wed May 21, 2003 4:53 pm Post subject:
I'm not certain, but it looks like all of that (and more) is done by the GRSecurity patch, which is part of the Gentoo kernel and has been around for quite a while.
binkley n00b
Joined: 17 Dec 2002 Posts: 37 Location: Houston, TX
Posted: Wed May 21, 2003 5:01 pm Post subject:
MathFreak wrote:
    I'm not certain, but it looks like all of that (and more) is done by the GRSecurity patch, which is part of the Gentoo kernel and has been around for quite a while.

It is true grsec covers a lot, but the execshield patch is different in that it handles the permission bits of pages, relying on CPU support. Ingo Molnar explains this better than I can:

Ingo Molnar wrote:
    It is commonly known that x86 pagetables do not support the so-called executable bit in the pagetable entries - PROT_EXEC and PROT_READ are merged into a single 'read or execute' flag. This means that even if an application marks a certain memory area non-executable (by not providing the PROT_EXEC flag upon mapping it) under x86, that area is still executable, if the area is PROT_READ.

    Furthermore, the x86 ELF ABI marks the process stack executable, which requires that the stack is marked executable even on CPUs that support an executable bit in the pagetables.

    This problem has been addressed in the past by various kernel patches, such as Solar Designer's excellent "non-exec stack patch". These patches mostly operate by using the x86 segmentation feature to set the code segment 'limit' value to a certain fixed value that points right below the stack frame. The exec-shield tries to cover as much virtual memory via the code segment limit as possible - not just the stack.
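The following Linux C program is an added example, not code from this thread, from the exec-shield patch or from grsecurity, that checks the behaviour Ingo describes on whatever machine it is run on. It maps an anonymous page, writes a single 'ret' instruction into it, drops the mapping to PROT_READ (no PROT_EXEC) and tries to call it, catching the resulting fault with a signal handler. On a legacy x86 kernel without NX or exec-shield the call returns normally, because readable memory is executable; with an NX-capable CPU or with exec-shield's code segment limit covering the page, the call faults. A second probe reads /proc/self/maps to report whether the process stack itself is mapped executable, the ELF ABI point from the quote. The function names and the probe design are mine; it assumes gcc or clang on x86-64 or aarch64 (the 'ret' encodings are the only architecture-specific part).

```c
/* Added example (not from the thread): probe whether a PROT_READ-only page
 * can be executed, and whether this process's stack is executable.
 * Linux-specific: mmap, mprotect, sigaction, /proc/self/maps.
 * Build: cc -Wall probe.c -o probe */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* A lone "return" instruction for the host ISA (assumption: x86 or aarch64). */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "add a 'return' encoding for this architecture"
#endif

static sigjmp_buf fault_env;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);  /* unwind out of the faulting call */
}

/* Map a page, put 'ret' in it, set it to final_prot and try to call it.
 * Returns 1 if the call executed, 0 if it faulted, -1 on setup error. */
static int try_exec_with_prot(int final_prot) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, RET_INSN, sizeof RET_INSN);
    __builtin___clear_cache((char *)page, (char *)page + sizeof RET_INSN);
    if (mprotect(page, pagesz, final_prot) != 0) {
        munmap(page, pagesz);
        return -1;
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int executed;
    if (sigsetjmp(fault_env, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);  /* object -> function pointer without a cast warning */
        fn();                           /* returns at once if the CPU/kernel let it run */
        executed = 1;
    } else {
        executed = 0;                   /* arrived via on_fault(): execution was refused */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return executed;
}

/* PROT_READ only. 0 means read and execute are separated (NX bit, or an
 * exec-shield style segment limit below this page); 1 means readable memory
 * is executable, the legacy x86 situation Ingo describes. */
int probe_exec_on_prot_read_page(void) {
    return try_exec_with_prot(PROT_READ);
}

/* Control: an explicitly executable page is expected to run (1). */
int probe_exec_on_prot_exec_page(void) {
    return try_exec_with_prot(PROT_READ | PROT_EXEC);
}

/* Is the [stack] mapping of this process executable? 1/0, or -1 if
 * /proc/self/maps is unavailable or has no [stack] line. */
int stack_is_executable(void) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    char line[512];
    int result = -1;
    while (fgets(line, sizeof line, f)) {
        if (strstr(line, "[stack]")) {
            char perms[8] = {0};        /* "start-end perms offset dev inode path" */
            if (sscanf(line, "%*s %7s", perms) == 1)
                result = (strchr(perms, 'x') != NULL);
            break;
        }
    }
    fclose(f);
    return result;
}

int main(void) {
    printf("PROT_READ page executed:      %d\n", probe_exec_on_prot_read_page());
    printf("PROT_READ|PROT_EXEC executed: %d\n", probe_exec_on_prot_exec_page());
    printf("stack is executable:          %d\n", stack_is_executable());
    return 0;
}
```

One caveat when reading the result on an exec-shield kernel: the segment-limit approach only refuses execution below the limit, and the quote says exec-shield tries to cover "as much virtual memory as possible", not all of it. This probe therefore reports what happened to the one page it was given; a PROT_READ mapping placed above the limit would still execute, so a single run is a spot check rather than proof that every readable mapping is non-executable.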