2005-10-15 08:54:51

by Michael Meyer

Subject: exec-shield integration into 2.6

Hi,

I have read somewhere that there are some portions
of the exec-shield patches incorporated into the
kernel.
To what extent? There are no exec-shield patches
published for 2.6.13.x yet. Is this because the
complete exec-shield patches have already been incorporated?

Additionally, do I only have to compile an exec-shield
patched kernel, or do I have to activate some
kernel-options, compile-options, /proc/* flags, or
something similar?

Thank you very much!

2005-10-15 09:16:10

by Arjan van de Ven

Subject: Re: exec-shield integration into 2.6

On Sat, 2005-10-15 at 10:54 +0200, Michael Meyer wrote:
> Hi,
>
> I have read somewhere that there are some portions
> of the exec-shield patches incorporated into the
> kernel.
> To what extent?

The 32 bit NX support and parts of the randomisation are incorporated
already. The segment limit hack will never be incorporated (but that's
ok; NX is the real solution and more and more systems out there support
NX). The userspace parts of Exec-Shield are in the respective
gcc/glibc/binutils upstream codebases already.

> There are no exec-shield patches
> published for 2.6.13.x yet. Is this because the
> complete exec-shield patches have already been incorporated?

No, more because you didn't look deep enough; they exist.
The most current patch is always in the rawhide kernel rpm; once in a
while that gets put into a "released" patch, but the rawhide one is
updated daily or just about.