[20908] in bugtraq
Re: Announcing RSX - non exec stack/heap module
daemon@ATHENA.MIT.EDU (Paul Starzetz)
Thu Jun 7 18:04:22 2001
Message-ID: <3B1FBEA9.2C067E66@starzetz.de>
Date: Thu, 07 Jun 2001 19:49:29 +0200
From: Paul Starzetz <paul@starzetz.de>
MIME-Version: 1.0
To: Thomas Dullien <Dullien@gmx.net>,
"bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Thomas Dullien wrote:
>
> > It would appear at first glance that RSX uses the same technique as PAX.
> > Naturally, the PAX and RSX teams should confer to make a definitive
> > statement on similarities and differences.
>
> Just for the record, the technique bears no similarity. PAX provides
> real, non-executable PAGES on x86 -- RSX remaps the heap segments
> outside of the code segment limit.
To be more precise: RSX does _not_ provide a non-exec stack, heap and so
on but the 'complement', i.e. an executable code area. The segments which
are remapped are _not_ the heap(s), i.e. data segments, but the code
(marked as rx-p) areas.
The basic idea while writing RSX was not to provide some heavy artillery
but a small, very low penalty kernel module stopping not 100 but maybe
95% of widespread local & remote attacks towards Linux machines.
There cannot be a doubt that installing the module to protect a few but
endangered applications (like sshd, rshd, rpc) improves the system
security.
sincerely,
Paul Starzetz
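The distinction drawn above (RSX constrains the executable code areas, marked r-xp in the process map, rather than marking data non-executable) is easiest to see by looking at a process's memory map. The following is an added example, not code from the original post or from RSX or PaX; it assumes the Linux `/proc/<pid>/maps` line format and uses a small set of constructed sample lines so it runs offline. It reports the highest end address of any r-x mapping (the span a code-segment limit would have to cover) and counts mappings that are both writable and executable, which are the ones a segmentation-based scheme must keep outside that limit to be effective.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of /proc/<pid>/maps lines (not from the original
   post); addresses and paths are illustrative only. */
static const char *SAMPLE_MAPS[] = {
    "08048000-0804c000 r-xp 00000000 03:01 12345      /usr/sbin/sshd",
    "0804c000-0804d000 rw-p 00003000 03:01 12345      /usr/sbin/sshd",
    "0804d000-08070000 rwxp 00000000 00:00 0          [heap]",
    "40000000-40016000 r-xp 00000000 03:01 678        /lib/ld-2.2.so",
    "bffeb000-c0000000 rwxp 00000000 00:00 0          [stack]",
    NULL
};

/* Parse one maps line into start, end and the 4-character permission
   field (e.g. "r-xp"). Returns 1 on success, 0 if the line is malformed. */
int parse_maps_line(const char *line, unsigned long *start,
                    unsigned long *end, char perms[5])
{
    return sscanf(line, "%lx-%lx %4s", start, end, perms) == 3;
}

/* Count mappings that are writable AND executable: these are the regions
   an attacker-supplied payload could run from if nothing constrains them. */
int count_wx_mappings(const char *const *lines)
{
    int n = 0;
    for (; *lines; lines++) {
        unsigned long s, e;
        char p[5];
        if (!parse_maps_line(*lines, &s, &e, p))
            continue;
        if (p[1] == 'w' && p[2] == 'x')
            n++;
    }
    return n;
}

/* Highest end address among r-x (code) mappings. A segmentation scheme
   that limits execution to the code areas needs its code segment to reach
   at least this far, so any writable+executable region above it would
   already fall outside the executable limit. */
unsigned long max_exec_end(const char *const *lines)
{
    unsigned long top = 0;
    for (; *lines; lines++) {
        unsigned long s, e;
        char p[5];
        if (!parse_maps_line(*lines, &s, &e, p))
            continue;
        if (p[0] == 'r' && p[1] == '-' && p[2] == 'x' && e > top)
            top = e;
    }
    return top;
}

/* Stand-alone run: audit the constructed sample, then the live process
   map if /proc/self/maps is available (Linux only). */
int main(void)
{
    printf("sample: code limit would be 0x%lx, %d writable+executable mappings\n",
           max_exec_end(SAMPLE_MAPS), count_wx_mappings(SAMPLE_MAPS));

    FILE *f = fopen("/proc/self/maps", "r");
    if (f) {
        char line[512];
        int wx = 0;
        while (fgets(line, sizeof line, f)) {
            unsigned long s, e;
            char p[5];
            if (parse_maps_line(line, &s, &e, p) && p[1] == 'w' && p[2] == 'x')
                wx++;
        }
        fclose(f);
        printf("this process: %d writable+executable mappings\n", wx);
    }
    return 0;
}
```

On the constructed sample both the heap and the stack are rwxp and the code limit computed from the r-x mappings is 0x40016000, so the heap lies below that limit; a segment-limit approach therefore has to relocate the code areas (as the post says RSX does) rather than simply cap the segment at the highest existing code address.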