[grsec] recent kernel features and pax

Brian Kroth bpkroth at wisc.edu
Thu Jul 3 17:18:12 EDT 2008


I was just reading though [1] and came across this:

"1.9. BRK and PIE executable randomization

Exec-shield is a Red Hat that was started in 2003 by Red Hat to
implement several security protections and is mainly used in Red Hat and
Fedora. Many features have already been merged lot of time ago, but not
all of them. In 2.6.25 two of them are being merged: brk() randomization
and PIE executable randomization. Those two features should make the
address space randomization on i386 and x86_64 complete."

I was just wondering if/how this affects similar PAX features?

Thanks,
Brian

[1] http://kernelnewbies.org/Linux_2_6_25
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2192 bytes
Desc: not available
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20080703/632c4cc9/attachment.bin 


More information about the grsecurity mailing list