[opensuse-kernel] exec-shield
Hi, Are there any plans to include exec-shield into the OpenSuSE kernel? I would like to have this feature. :-) Thanks, //richard -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
On Thu, Feb 21, 2008 at 02:30:36AM +0100, richard -rw- weinberger wrote:
Hi,
Are there any plans to include exec-shield into the OpenSuSE kernel? I would like to have this feature. :-)
What specific portion of exec-shield are you wanting to see in our kernel? Last I looked, there's only 1 feature that is not in there, as it is almost all merged into the main kernel.org tree already. thanks, greg k-h -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
2008/2/21, Greg KH <gregkh@suse.de>:
What specific portion of exec-shield are you wanting to see in our kernel? Last I looked, there's only 1 feature that is not in there, as it is almost all merged into the main kernel.org tree already.
Exec-shield goes Mainline? That's great! I know exec-shield only as one[1] nice "feature" to stop some Stack overflows... Sorry for wasting your time, //richard [1] http://people.redhat.com/mingo/exec-shield/exec-shield-nx-2.6.19.patch -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
On Thu, 21 Feb 2008, richard -rw- weinberger wrote:
I know exec-shield only as one[1] nice "feature" to stop some Stack overflows... [1] http://people.redhat.com/mingo/exec-shield/exec-shield-nx-2.6.19.patch
This patch contains much more than only emulating NX bit on those i386 that don't honor it (which is what I guess you are actually referring to). The NX emulation is not going upstream, but certain parts of this large patch (such as address space randomization for position-independent code, heap base-address randomization) have already been merged upstream and will be present in 2.6.25. -- Jiri Kosina SUSE Labs -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
On Thursday 21 February 2008 02:30:36 richard -rw- weinberger wrote:
Hi,
Are there any plans to include exec-shield into the OpenSuSE kernel? I would like to have this feature. :-)
We were always pretty reluctant to support full exec shield (which is pretty much a marketing name for a couple of security technologies, some of them originally came out of SUSE development) because it tends to break quite a lot of software and binary compatibility is considered very important for OpenSUSE. However some parts that are not that bad in this regard are either already integrated or are in the process of being integrated. -Andi -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kernel+help@opensuse.org
participants (4)
-
Andi Kleen -
Greg KH -
Jiri Kosina -
richard -rw- weinberger