Hi, In case you weren't aware, grsecurity recently added official support for alpha. With this included an alpha port of PaX. This means that on alpha, Linux will now make use of the architecture's hardware support for the non-executable bit. In addition to this, PaX will tighten down page protections, so there there exists no mappings that are both writable and executable, which prevents arbitrary code execution. PaX also provides randomization of the stack, memory map, and executable base for the alpha architecture. It should be a nice addition to an alpha server running in a production environment that requires additional security. For more information on grsecurity: http://www.grsecurity.net For more information on PaX: http://pageexec.virtualave.net With that said, we would like to point out some userspace problems we have seen on other architectures that are also present on alpha. The main problem is that the PLT on alpha is mapped rwx. PaX currently does emulation at the kernel level so that the PLT won't be a target for arbitrary code execution, while still allowing normal program operation. It would be beneficial, however, if the alpha glibc maintainers could move the PLT into .text in future versions (and reflect this change in ld.so as well), so that the emulation wouldn't be necessary. We have also observed some binaries (update-menus for one) that perform ET_EXEC relocations for some reason. PaX has implemented a workaround for this, but it would also be nice for this to be fixed on the userland end. Thanks, -Brad
Attachment:
pgptajyXtSFkr.pgp
Description: PGP signature