1 |
Quote from the PaX docs. |
2 |
---------------------------------------------------------------------- |
3 |
The goal of the PaX project is to research various defense mechanisms |
4 |
against the exploitation of software bugs that give an attacker |
5 |
arbitrary read/write access to the attacked task's address space. This |
6 |
class of bugs contains among others various forms of buffer overflow |
7 |
bugs (be they stack or heap based), user supplied format string bugs, |
8 |
etc. |
9 |
---------------------------------------------------------------------- |
10 |
|
11 |
If you have an ia64 or amd64 and your bold, brave and want to be on the bleeding |
12 |
edge of security solutions then your in luck. The PaX Team has come up |
13 |
with an experimental patch for the ia64 and amd64 that needs some testing |
14 |
from a few somebody's that own or have root access to ia64 or amd64 |
15 |
|
16 |
Grab yourself these three files to begin testing. |
17 |
* ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2 |
18 |
* http://pageexec.virtualave.net/pax-linux-2.4.22-200308271615.patch |
19 |
|
20 |
* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.ia64 |
21 |
or |
22 |
* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.amd64 |
23 |
|
24 |
unpack the kernel |
25 |
tar jxvf linux-2.4.22.tar.bz2 |
26 |
add the pax-linux-2.4.22-200308271615.patch |
27 |
|
28 |
add the pax-linux-2.4.22.patch.ia64 |
29 |
or |
30 |
add the pax-linux-2.4.22.patch.amd64 |
31 |
|
32 |
Enable pax in your kernel with as many options as your willing to help |
33 |
test. |
34 |
|
35 |
Compile the kernel |
36 |
|
37 |
# make menuconfig |
38 |
# make dep bzImage modules modules_install |
39 |
tell your bootloader to use the arch/ia64/bzImage or arch/amd64/bzImage file |
40 |
|
41 |
reboot and report success/failures via email to pageexec@××××××××.hu and |
42 |
or real-time on irc.freenode.net in #pax |
43 |
|
44 |
-- |
45 |
Ned Ludd <solar@g.o> |
46 |
Gentoo Linux Developer (Hardened) |