1 |
Quote from the PaX docs. |
2 |
---------------------------------------------------------------------- |
3 |
The goal of the PaX project is to research various defense mechanisms |
4 |
against the exploitation of software bugs that give an attacker |
5 |
arbitrary read/write access to the attacked task's address space. This |
6 |
class of bugs contains among others various forms of buffer overflow |
7 |
bugs (be they stack or heap based), user supplied format string bugs, |
8 |
etc. |
9 |
---------------------------------------------------------------------- |
10 |
|
11 |
If you have an amd64 and your bold, brave and want to be on the bleeding |
12 |
edge of security solutions then your in luck. The PaX Team has come up |
13 |
with an experimental patch for the amd64 that needs some testing |
14 |
from a few somebody's that own or have root access to amd64 |
15 |
|
16 |
Grab yourself these three files to begin testing. |
17 |
* ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2 |
18 |
* http://pageexec.virtualave.net/pax-linux-2.4.22-200308271615.patch |
19 |
* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.amd64 |
20 |
|
21 |
unpack the kernel |
22 |
tar jxvf linux-2.4.22.tar.bz2 |
23 |
add the pax-linux-2.4.22-200308271615.patch |
24 |
add the pax-linux-2.4.22.patch.amd64 |
25 |
|
26 |
Enable pax in your kernel with as many options as your willing to help |
27 |
test. |
28 |
|
29 |
Compile the kernel |
30 |
|
31 |
# make menuconfig |
32 |
# make dep bzImage modules modules_install |
33 |
tell your bootloader to use the arch/amd64/bzImage file |
34 |
|
35 |
reboot and report success/failures via email to pageexec@××××××××.hu and |
36 |
or real-time on irc.freenode.net in #pax |
37 |
|
38 |
-- |
39 |
Ned Ludd <solar@g.o> |
40 |
Gentoo Linux Developer (Hardened) |