| 1 |
Quote from the PaX docs. |
| 2 |
---------------------------------------------------------------------- |
| 3 |
The goal of the PaX project is to research various defense mechanisms |
| 4 |
against the exploitation of software bugs that give an attacker |
| 5 |
arbitrary read/write access to the attacked task's address space. This |
| 6 |
class of bugs contains among others various forms of buffer overflow |
| 7 |
bugs (be they stack or heap based), user supplied format string bugs, |
| 8 |
etc. |
| 9 |
---------------------------------------------------------------------- |
| 10 |
|
| 11 |
If you have an ia64 or amd64 and your bold, brave and want to be on the bleeding |
| 12 |
edge of security solutions then your in luck. The PaX Team has come up |
| 13 |
with an experimental patch for the ia64 and amd64 that needs some testing |
| 14 |
from a few somebody's that own or have root access to ia64 or amd64 |
| 15 |
|
| 16 |
Grab yourself these three files to begin testing. |
| 17 |
* ftp://ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2 |
| 18 |
* http://pageexec.virtualave.net/pax-linux-2.4.22-200308271615.patch |
| 19 |
|
| 20 |
* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.ia64 |
| 21 |
or |
| 22 |
* http://grsecurity.net/~paxguy1/pax-linux-2.4.22.patch.amd64 |
| 23 |
|
| 24 |
unpack the kernel |
| 25 |
tar jxvf linux-2.4.22.tar.bz2 |
| 26 |
add the pax-linux-2.4.22-200308271615.patch |
| 27 |
|
| 28 |
add the pax-linux-2.4.22.patch.ia64 |
| 29 |
or |
| 30 |
add the pax-linux-2.4.22.patch.amd64 |
| 31 |
|
| 32 |
Enable pax in your kernel with as many options as your willing to help |
| 33 |
test. |
| 34 |
|
| 35 |
Compile the kernel |
| 36 |
|
| 37 |
# make menuconfig |
| 38 |
# make dep bzImage modules modules_install |
| 39 |
tell your bootloader to use the arch/ia64/bzImage or arch/amd64/bzImage file |
| 40 |
|
| 41 |
reboot and report success/failures via email to pageexec@××××××××.hu and |
| 42 |
or real-time on irc.freenode.net in #pax |
| 43 |
|
| 44 |
-- |
| 45 |
Ned Ludd <solar@g.o> |
| 46 |
Gentoo Linux Developer (Hardened) |
Archives