On 03.02.2012 03:15, Russell Coker wrote:
Some shared libraries have code which can't be run without an executable stack, it's a small number of libraries that are written in assembler code. We want to allow running them but don't want to give all programs permission to execute code on the stack.
From memory the GR Security option for this was to flag the rare executables that want an executable stack and are permitted to have it.
The solution devised by libc/gcc upstream was to have a special assembly section in every shared object that doesn't require an executable stack and if an executable only loads shared objects that don't require it then the executable stack is disabled. Then we have SE Linux policy to prevent most programs from having an executable stack which means that if they are tricked into loading some of the rare libraries that need it then it doesn't do anything bad.
The downside to the latter approach is that lots of shared objects which have some assembler code needed to be patched.
The PaX approach involved less work.
Thanks for the insight :-)
But I guess you see what I meant... it's quite some job to get all this
known and working. Therefore I really liked the original idea of having
a -grsec kernel (and yes, I know the additional burden this places on
our maintainers and the security team).
Actually I'd like even more to see perhaps just PaX in the default
kernel; this could be easier than adding the full grsec suite.
Cheers,
Chris.
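An added example, not part of the original thread: after linking, the per-object marking Russell describes is recorded as a PT_GNU_STACK program header whose flags say whether an executable stack is requested. This Python sketch reads that header so libraries can be audited for the rare ones that still ask for one; the function names and the constructed sample ELF image are assumptions made for illustration.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack marking
PF_X = 0x1                 # segment flag: executable

def stack_marking(elf: bytes) -> str:
    """Return 'non-executable', 'executable' or 'unmarked' for an ELF image."""
    if len(elf) < 16 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(elf[4])
    endian = {1: "<", 2: ">"}.get(elf[5])
    if is64 is None or endian is None:
        raise ValueError("unknown ELF class or byte order")
    if len(elf) < (64 if is64 else 52):
        raise ValueError("truncated ELF header")
    # e_phoff, e_phentsize and e_phnum sit at different offsets in ELF32 and ELF64
    if is64:
        (phoff,) = struct.unpack_from(endian + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(endian + "HH", elf, 0x36)
    else:
        (phoff,) = struct.unpack_from(endian + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(endian + "HH", elf, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + (8 if is64 else 28) > len(elf):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(endian + "I", elf, off)
        # p_flags directly follows p_type in ELF64 but is the seventh word in ELF32
        (p_flags,) = struct.unpack_from(endian + "I", elf, off + (4 if is64 else 24))
        if p_type == PT_GNU_STACK:
            return "executable" if p_flags & PF_X else "non-executable"
    return "unmarked"  # no marking: the loader uses its per-architecture default

def sample_elf64(p_flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed input: 64-bit little-endian ELF header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, stack_marking(f.read()))
```

Run against shared objects on a system, anything reported as "executable" or "unmarked" is a candidate for the patching work the thread mentions.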