Subject: Re: [Announcement] "Exec Shield", new Linux security feature
From: Arjan van de Ven <arjanv@redhat.com>
Reply-To: arjanv@redhat.com
To: Davide Libenzi <davidel@xmailserver.org>
Cc: Ingo Molnar <mingo@redhat.com>,
       Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
In-Reply-To: <Pine.LNX.4.50.0305020948550.1904-100000@blue1.dev.mcafeelabs.com>
References: <Pine.LNX.4.44.0305021217090.17548-100000@devserv.devel.redhat.com>
	 <Pine.LNX.4.50.0305020948550.1904-100000@blue1.dev.mcafeelabs.com>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-J0K0t54hiv1UbhVdL4sz"
Organization: Red Hat, Inc.
Message-Id: <1051895901.1593.16.camel@laptop.fenrus.com>
Mime-Version: 1.0
Date: 02 May 2003 19:18:21 +0200
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1048
Lines: 32


--=-J0K0t54hiv1UbhVdL4sz
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


> Ingo, do you want protection against shell code injection ? Have the
> kernel to assign random stack addresses to processes and they won't be
> able to guess the stack pointer to place the jump. I use a very simple
> trick in my code :

stack randomisation is already present in the kernel, in the form of
cacheline coloring for HT cpus...

--=-J0K0t54hiv1UbhVdL4sz
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA+sqhdxULwo51rQBIRAsPbAJ9pvgP1s5HqO1j9dpzhbUlOwtfgGQCfUkQd
xM8TtDZHhGaKtIB/zOKNE+c=
=vAXL
-----END PGP SIGNATURE-----

--=-J0K0t54hiv1UbhVdL4sz--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/