linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: John Bradford <john@grabjohn.com>
To: mingo@redhat.com (Ingo Molnar)
Cc: arjanv@redhat.com (Arjan van de Ven),
	davidel@xmailserver.org (Davide Libenzi),
	linux-kernel@vger.kernel.org (Linux Kernel Mailing List)
Subject: Re: [Announcement] "Exec Shield", new Linux security feature
Date: Fri, 2 May 2003 19:29:38 +0100 (BST)	[thread overview]
Message-ID: <200305021829.h42ITclA000178@81-2-122-30.bradfords.org.uk> (raw)
In-Reply-To: <Pine.LNX.4.44.0305021325130.6565-100000@devserv.devel.redhat.com> from "Ingo Molnar" at May 02, 2003 01:32:20 PM

> > > Ingo, do you want protection against shell code injection ? Have the
> > > kernel to assign random stack addresses to processes and they won't be
> > > able to guess the stack pointer to place the jump. I use a very simple
> > > trick in my code :
> > 
> > stack randomisation is already present in the kernel, in the form of
> > cacheline coloring for HT cpus...
> 
> we could make it even more prominent than just coloring, to introduce the
> kind of variability that Davide's approach introduces. It has to be a
> separate patch obviously. This would further reduce the chance that a
> remote attack that has to guess the stack would succeed on a random box.

Slightly off-topic, but does anybody know whether IA64 or x86-64 allow
you to make the stack non-executable in the same way you can on SPARC?

John.

  reply	other threads:[~2003-05-02 18:13 UTC|newest]

Thread overview: 49+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-05-02 16:37 [Announcement] "Exec Shield", new Linux security feature Ingo Molnar
2003-05-02 17:05 ` Matthias Andree
2003-05-02 17:12   ` Marc-Christian Petersen
2003-05-02 17:12 ` Davide Libenzi
2003-05-02 17:18   ` Arjan van de Ven
2003-05-02 17:32     ` Ingo Molnar
2003-05-02 18:29       ` John Bradford [this message]
2003-05-02 18:32         ` H. Peter Anvin
2003-05-02 19:09         ` David Mosberger
2003-05-02 18:51       ` Davide Libenzi
     [not found]   ` <20030502172011$0947@gated-at.bofh.it>
2003-05-02 18:17     ` Florian Weimer
2003-05-02 18:29       ` Davide Libenzi
2003-05-02 18:32         ` Florian Weimer
2003-05-02 18:50           ` Davide Libenzi
2003-05-02 21:48 ` Carl-Daniel Hailfinger
2003-05-03  6:52   ` Ingo Molnar
2003-05-03  9:56     ` Carl-Daniel Hailfinger
2003-05-03 12:48       ` Arjan van de Ven
2003-05-04  6:52     ` Calin A. Culianu
2003-05-04  8:10       ` Ingo Molnar
2003-05-04  8:52         ` Ingo Molnar
2003-05-04 15:40           ` Calin A. Culianu
2003-05-04 15:48             ` Sean Neakums
2003-05-04 15:23         ` Calin A. Culianu
2003-05-04 20:07       ` H. Peter Anvin
2003-05-04 20:57 ` Kasper Dupont
2003-05-05 16:20 ` [patch] exec-shield-2.4.21-rc1-C5 Ingo Molnar
     [not found] <Pine.LNX.4.44.0305021325130.6565-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
     [not found] ` <200305021829.h42ITclA000178@81-2-122-30.bradfords.org.uk.suse.lists.linux.kernel>
     [not found]   ` <b8udjm$cgq$1@cesium.transmeta.com.suse.lists.linux.kernel>
2003-05-02 20:51     ` [Announcement] "Exec Shield", new Linux security feature Andi Kleen
2003-05-02 20:56       ` H. Peter Anvin
2003-05-02 21:07         ` Andi Kleen
2003-05-02 21:09           ` H. Peter Anvin
2003-05-02 21:25             ` Andi Kleen
2003-05-02 22:46 Chuck Ebbert
2003-05-03 13:19 linux
2003-05-03 23:00 ` Valdis.Kletnieks
2003-05-04  7:03   ` Calin A. Culianu
2003-05-04  8:49     ` Arjan van de Ven
2003-05-05 13:35     ` Jesse Pollard
2003-05-04 15:24   ` linux
2003-05-04 11:19 Yoav Weiss
2003-05-04 13:51 ` Ingo Molnar
2003-05-04 14:25 Chuck Ebbert
2003-05-04 22:22 ` Richard Henderson
2003-05-05  0:41   ` H. Peter Anvin
     [not found] <Pine.LNX.4.44.0305040404300.12757-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
     [not found] ` <Pine.LNX.4.44.0305040448250.24497-100000@devserv.devel.redhat.com.suse.lists.linux.kernel>
2003-05-04 15:48   ` Andi Kleen
2003-05-04 16:20 Yoav Weiss
2003-05-04 23:55 Chuck Ebbert
2003-05-05  3:14 ` H. Peter Anvin
2003-05-05  7:14 Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200305021829.h42ITclA000178@81-2-122-30.bradfords.org.uk \
    --to=john@grabjohn.com \
    --cc=arjanv@redhat.com \
    --cc=davidel@xmailserver.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).