Patch 0/6 virtual address space randomisation

From: Arjan van de Ven
Date: Thu Jan 27 2005 - 05:12:03 EST


The randomisation patch series introduces infrastructure and functionality
that causes certain parts of a process' virtual address space to be
different for each invocation of the process. The purpose of this is to
raise the bar on buffer overflow exploits; full randomisation makes it not
possible to use absolute addresses in the exploit.

This first series only does a partial randomisation; future series will
randomize other parts of the virtual address space as well.

01-sysctl-A0 - introduce a sysctl to enable/disable
02-randomize-infrastructure - infrastructure helpers
03-PF_RANDOMIZE - per process flag to enable/disable
04-stack - start randomizing the stack pointer
05-mmap - start randomizing mmap addresses
06-default-enable - enable randomisation by default (for -mm testing only)

This series does NOT randomize the brk() area and does not yet add support
for PIE binaries. This I will leave to a next series; this one should first
settle down.

Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
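
Added example, not part of the original message or the patch series: one way to check which areas the series affects is to compare region start addresses in two /proc/<pid>/maps captures of the same program. The captures below are constructed, and the /bin/demo path and the "[heap]"/"[stack]" labels are assumptions (a hypothetical non-PIE binary and the maps format of current kernels).

```c
/* Added example (not from the patch series): compare where regions start in
 * two /proc/<pid>/maps captures of the same program. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed captures: non-PIE binary, brk area not randomised. */
static const char RUN_A[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /bin/demo\n"
    "01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]\n"
    "7f3a1c000000-7f3a1c1b0000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "7ffd4a2e1000-7ffd4a302000 rw-p 00000000 00:00 0 [stack]\n";
static const char RUN_B[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /bin/demo\n"
    "01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]\n"
    "7f91e8400000-7f91e85b0000 r-xp 00000000 08:01 5678 /lib/libc.so.6\n"
    "7ffe0b5c4000-7ffe0b5e5000 rw-p 00000000 00:00 0 [stack]\n";

/* Start address of the first maps line containing tag, or 0 if absent. */
static unsigned long long region_start(const char *maps, const char *tag)
{
    const char *hit = strstr(maps, tag);
    if (!hit)
        return 0;
    while (hit > maps && hit[-1] != '\n')   /* rewind to start of line */
        hit--;
    return strtoull(hit, NULL, 16);         /* parsing stops at '-' */
}

/* 1 = region moved between runs, 0 = same address, -1 = missing in a run. */
static int moved(const char *a, const char *b, const char *tag)
{
    unsigned long long sa = region_start(a, tag), sb = region_start(b, tag);
    if (!sa || !sb)
        return -1;
    return sa != sb;
}

int main(void)
{
    const char *tags[] = { "/bin/demo", "[heap]", "libc", "[stack]" };
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++)
        printf("%-10s %s\n", tags[i],
               moved(RUN_A, RUN_B, tags[i]) == 1 ? "randomised" : "fixed");
    return 0;
}
```

In the constructed captures the stack and the mmap-placed library move between runs, while the executable image and the brk() heap stay put, matching what the message says this series does and does not randomise.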