Re: Introducing security hardening features for Lenny

To: debian-devel@lists.debian.org
Subject: Re: Introducing security hardening features for Lenny
From: Kees Cook <kees@debian.org>
Date: Wed, 30 Jan 2008 14:21:50 -0800
Message-id: <[🔎] 20080130222150.GO16366@outflux.net>
In-reply-to: <[🔎] 20080130094141.GA16248@kos.to>
References: <20080129211624.GA3982@galadriel.inutil.org> <[🔎] 20080130094141.GA16248@kos.to>

On Wed, Jan 30, 2008 at 11:41:41AM +0200, Riku Voipio wrote:
> On Tue, Jan 29, 2008 at 10:16:24PM +0100, Moritz Muehlenhoff wrote:
> > In kernels that support text ASLR, programs compiled
> > for PIE will gain full position randomization.
> 
> For which architectures is text ASLR available? does it require
> external kernel patches? PIE means considerable system overhead
> and fatter binaries, especially for systems without large
> caches.

I can only speak for the Linux kernels, but sitting in the planned -x86
git queue for mm, text ASLR was enabled[1] for x86 and x86_64.

AFAIK, the similar RedHat and SuSE kernel patches also carry these
changes only for x86 and x86_64.

-Kees

[1] http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-x86.git;a=history;f=arch/x86/kernel/sys_x86_64.c;hb=mm

-- 
Kees Cook

Reply to:

References:
- Re: Introducing security hardening features for Lenny
  - From: Riku Voipio <riku.voipio@iki.fi>

Prev by Date: Re: changing the default syslog daemon for lenny?
Next by Date: Re: changing the default syslog daemon for lenny?
Previous by thread: Re: Introducing security hardening features for Lenny
Next by thread: Bug#463167: ITP: dsyslog -- a dumb syslog
Index(es):
- Date
- Thread