[ Thanks to Jeremy
Andrews for this link. ]
Ingo Molnar has announced a new kernel-based security feature
for Linux/x86 called ‘Exec Shield.’ He describes the patch, which
is against the 2.4.20-rc1 kernel, as:“‘The exec-shield feature provides protection against stack,
buffer or function pointer overflows, and against other types of
exploits that rely on overwriting data structures and/or putting
code into those structures. The patch also makes it harder to pass
in and execute the so-called ‘shell-code’ of exploits. The patch
works transparently, ie. no application recompilation is
necessary.’“Ingo goes on to provide a lengthy and quite informative
description of Exec Shield, beginning with a little background
describing the problem that the patch works to fix. This is
followed with a longer section devoted to describing how the
solution has been implemented, followed by an examination of its
limitations. The final section describes how the patch is installed
and used. Read on for Ingo’s excellent writeup, and some of the
resulting discussion…”