Bugtraq mailing list archives
Re: Announcing RSX - non exec stack/heap module
From: Paul Starzetz <paul () starzetz de>
Date: Thu, 07 Jun 2001 19:49:29 +0200
Thomas Dullien wrote:
It would appear at first glance that RSX uses the same technique as PAX. Naturally, the PAX and RSX teams should confer to make a definitive statement on similarities and differences. Just for the record, the technique bears no similarity. PAX provides real, non-executable PAGES on x86 -- RSX remaps the heap segments outside of the code segment limit.
To be more precise: RSX does _not_ provide non-exec stack, heap and so on but the 'complement' speak executable code area. The segments which are remapped are _not_ the heap(s), speak data segments, but the code (marked as rx-p) areas.

The basic idea while writing RSX was not to provide some heavy artillery but a small, very low penalty kernel module stopping not 100 but maybe 95% of widespread local & remote attacks towards Linux machines. There cannot be a doubt that installing the module to protect few but endangered applications (like sshd, rshd, rpc) improves the system security.

sincerely,
Paul Starzetz