From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 319 invoked by uid 1002); 31 Aug 2003 18:55:40 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 24842 invoked from network); 31 Aug 2003 18:55:40 -0000 From: Ned Ludd Reply-To: solar@gentoo.org To: gentoo-dev@gentoo.org Cc: rac@gentoo.org, olivier.crete@tester.ca, Kurt Lieber Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-aA8sURCZM7WJOLRAMHrn" Organization: Gentoo Linux Developer (Hardened) Message-Id: <1062355981.30492.8579.camel@simple> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.3 Date: 31 Aug 2003 14:53:01 -0400 Subject: [gentoo-dev] Porting PaX to the amd64 X-Archives-Salt: 12ae5d43-1762-45d2-b3a5-a7f81405e2f0 X-Archives-Hash: 81378626d85587a93d662bc882eac6d1 --=-aA8sURCZM7WJOLRAMHrn Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Quote from the PaX docs. ---------------------------------------------------------------------- The goal of the PaX project is to research various defense mechanisms against the exploitation of software bugs that give an attacker arbitrary read/write access to the attacked task's address space. This class of bugs contains among others various forms of buffer overflow bugs (be they stack or heap based), user supplied format string bugs, etc. ---------------------------------------------------------------------- If you have an amd64 and your bold, brave and want to be on the bleeding edge of security solutions then your in luck. The PaX Team has come up with an experimental patch for the amd64 that needs some testing from a few somebody's that own or have root access to amd64 Grab yourself these three files to begin testing. * ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2 * http://pageexec.virtualave.net/pax-linux-2.4.22-200308271615.patch * http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.amd64 unpack the kernel tar jxvf linux-2.4.22.tar.bz2 add the pax-linux-2.4.22-200308271615.patch add the pax-linux-2.4.22.patch.amd64 Enable pax in your kernel with as many options as your willing to help test. Compile the kernel # make menuconfig=20 # make dep bzImage modules modules_install tell your bootloader to use the arch/amd64/bzImage file reboot and report success/failures via email to pageexec@freemail.hu and or real-time on irc.freenode.net in #pax --=20 Ned Ludd Gentoo Linux Developer (Hardened) --=-aA8sURCZM7WJOLRAMHrn Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQCVAwUAP1JEDZ4WFLgrx1GWAQInrAP9H31gMBbHS3pyou5x28k0iO/89baLqgcd flU7mamMkv6kOjw5BL6N4/prmpODZJESPE0KvxpCCpP9vsiSzy0zA5BW+E/AdQzU ni0RbsTm6klSeABSYhkaUhShnopcGKgsbMM8jy9Meg5SintYAZCtjfW7DsT3zq3B QQd2ocw2yN4= =mHrv -----END PGP SIGNATURE----- --=-aA8sURCZM7WJOLRAMHrn--