Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262219AbTEEQHx (ORCPT ); Mon, 5 May 2003 12:07:53 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262490AbTEEQHx (ORCPT ); Mon, 5 May 2003 12:07:53 -0400 Received: from nat-pool-rdu.redhat.com ([66.187.233.200]:55189 "EHLO devserv.devel.redhat.com") by vger.kernel.org with ESMTP id S262219AbTEEQHv (ORCPT ); Mon, 5 May 2003 12:07:51 -0400 Date: Mon, 5 May 2003 12:20:21 -0400 (EDT) From: Ingo Molnar X-X-Sender: mingo@devserv.devel.redhat.com To: linux-kernel@vger.kernel.org Subject: [patch] exec-shield-2.4.21-rc1-C5 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1757 Lines: 47 a new (-C5) release of the exec-shield patch can be found at: http://redhat.com/~mingo/exec-shield/exec-shield-2.4.21-rc1-C5 Changes since -B6: - removed the X_workaround - chstk can be used for equivalent functionality. (issue raised by Yoav Weiss) - increase SHLIB_BASE from 1MB to 1MB + 64KB, suggested by Alexandre Julliard, to fix DOS loaders. - fix Pentium/i386 compilation failure in fault.c. (reported by Johannes Walch) - fix signal return bug, found by pageexec@freemail.hu. - shared library address randomization, both within and outside the ASCII-shield. This should make remote attacks a little bit more difficult. - process stack randomization. A number of other patches did this as well, it generally helps. (There's no memory wasted because the stack area left out will simply not be paged in.) - turn off shlib relocation if the stack is executable. This is needed for Wine, qemu and other apps that need the low memory range. - do not show the wchan field of non-owned processes, and do not show the maps file either. This should make it a little bit harder to guess library locations for local attackers. most of the new stuff in this patch (randomization, information filtering) has been done in other patches as well (such as PaX, grsecurity, non-exec stack patch, etc.) - i tried to filter out and add the ones that matter most, do not introduce constraints and are thus uncontroversial. bug reports, suggestions welcome. Ingo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/