Date: Fri, 2 May 2003 11:51:33 -0700 (PDT)
From: Davide Libenzi
To: Ingo Molnar
cc: Linux Kernel Mailing List
Subject: Re: [Announcement] "Exec Shield", new Linux security feature

On Fri, 2 May 2003, Ingo Molnar wrote:

> > > Ingo, do you want protection against shell code injection ? Have the
> > > kernel to assign random stack addresses to processes and they won't be
> > > able to guess the stack pointer to place the jump. I use a very simple
> > > trick in my code :
> >
> > stack randomisation is already present in the kernel, in the form of
> > cacheline coloring for HT cpus...
>
> we could make it even more prominent than just coloring, to introduce the
> kind of variability that Davide's approach introduces. It has to be a
> separate patch obviously. This would further reduce the chance that a
> remote attack that has to guess the stack would succeed on a random box.

This definitely should take much code ;)

- Davide