'[gentoo-hardened] Porting PaX to ia64 & amd64'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-hardened
Subject:    [gentoo-hardened] Porting PaX to ia64 & amd64
From:       Ned Ludd <solar () gentoo ! org>
Date:       2003-08-31 19:02:55
[Download RAW message or body]


Quote from the PaX docs.
----------------------------------------------------------------------
The goal of the PaX project is to research various defense mechanisms
against the exploitation of software bugs that give an attacker
arbitrary read/write access to the attacked task's address space. This
class of bugs contains among others various forms of buffer overflow
bugs (be they stack or heap based), user supplied format string bugs,
etc.
----------------------------------------------------------------------

If you have an ia64 or amd64 and your bold, brave and want to be on the bleeding
edge of security solutions then your in luck. The PaX Team has come up
with an experimental patch for the ia64 and amd64 that needs some testing
from a few somebody's that own or have root access to ia64 or amd64

Grab yourself these three files to begin testing.
* ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2
* http://pageexec.virtualave.net/pax-linux-2.4.22-200308271615.patch

* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.ia64
or
* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.amd64

unpack the kernel
tar jxvf linux-2.4.22.tar.bz2
add the pax-linux-2.4.22-200308271615.patch

add the pax-linux-2.4.22.patch.ia64
or
add the pax-linux-2.4.22.patch.amd64

Enable pax in your kernel with as many options as your willing to help
test.

Compile the kernel

# make menuconfig 
# make dep bzImage modules modules_install
tell your bootloader to use the arch/ia64/bzImage or arch/amd64/bzImage file

reboot and report success/failures via email to pageexec@freemail.hu and
or real-time on irc.freenode.net in #pax

-- 
Ned Ludd <solar@gentoo.org>
Gentoo Linux Developer (Hardened)

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic