Re: thoughts on kernel security issues

[Ingo Molnar]

* John Richard Moser <nigelenki@xxxxxxxxxxx> wrote:

> On a final note, isn't PaX the only technology trying to apply NX
> protections to kernel space? [...]

NX protection for kernel-space overflows on x86 has been part of the
mainline kernel as of June 2004 (released in 2.6.8), on CPUs that
support the NX bit - i.e. latest AMD and Intel CPUs. Let me quote from
the commit log:

http://linux.bkbits.net:8080/linux-2.5/cset@xxxxxxxxxxxx

  [...]
  furthermore, the patch also implements 'NX protection' for kernelspace
  code: only the kernel code and modules are executable - so even
  kernel-space overflows are harder (in some cases, impossible) to
  exploit. Here is how kernel code that tries to execute off the stack is
  stopped:

   kernel tried to access NX-protected page - exploit attempt? (uid: 500)
   Unable to handle kernel paging request at virtual address f78d0f40
    printing eip:
   ...

implemented, split out and brought to you by yours truly, as part
of the exec-shield project. (You know, the one not developed by that 
'scheduler developer' ;-)

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/