Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263025AbTEBRT6 (ORCPT ); Fri, 2 May 2003 13:19:58 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263026AbTEBRT6 (ORCPT ); Fri, 2 May 2003 13:19:58 -0400 Received: from nat-pool-rdu.redhat.com ([66.187.233.200]:38205 "EHLO devserv.devel.redhat.com") by vger.kernel.org with ESMTP id S263025AbTEBRT5 (ORCPT ); Fri, 2 May 2003 13:19:57 -0400 Date: Fri, 2 May 2003 13:32:20 -0400 (EDT) From: Ingo Molnar X-X-Sender: mingo@devserv.devel.redhat.com To: Arjan van de Ven cc: Davide Libenzi , Linux Kernel Mailing List Subject: Re: [Announcement] "Exec Shield", new Linux security feature In-Reply-To: <1051895901.1593.16.camel@laptop.fenrus.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 939 Lines: 25 On 2 May 2003, Arjan van de Ven wrote: > > Ingo, do you want protection against shell code injection ? Have the > > kernel to assign random stack addresses to processes and they won't be > > able to guess the stack pointer to place the jump. I use a very simple > > trick in my code : > > stack randomisation is already present in the kernel, in the form of > cacheline coloring for HT cpus... we could make it even more prominent than just coloring, to introduce the kind of variability that Davide's approach introduces. It has to be a separate patch obviously. This would further reduce the chance that a remote attack that has to guess the stack would succeed on a random box. Ingo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/