exec-shield (maybe ITP kernel-patch-exec-shield)
http://people.redhat.com/mingo/exec-shield/
http://kerneltrap.org/node/view/913
It seems that exec-shield does 99% of what PaX does (PaX is the most desirable
feature in GRSec). Exec-shield also has support for 2.6 and looks like it
will be a standard feature in Red Hat.
I have just built a kernel from the Debian kernel-source-2.4.22 package with
exec-shield, the patch applied cleanly and it appears to work well.
Maybe we should solve the debate about grsec and standard kernels by adding
exec-shield to the standard Debian kernel source? Then people who use a
kernel.org kernel can apply the grsec patch (which will not apply to a Debian
kernel source tree), and people who use the Debian kernel source will get
exec-shield by default?
If adding exec-shield to the Debian kernel is not considered a good idea then
I'll create a kernel-patch package for exec-shield, which will still remove
the need to make grsec work with the Debian kernel.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: