exec-shield (was: Re: Problem with Loki games on Severn)

Michael K. Johnson johnsonm at redhat.com
Wed Sep 17 00:34:14 UTC 2003


On Tue, Sep 16, 2003 at 11:40:10PM +0100, M A Young wrote:
> So to avoid confusion, what do 0, 1, and 2 mean? And what is
> exec-shield-randomize? And did you tell the people writing the next beta's
> release notes of these changes? While you are at it, you could update
> http://people.redhat.com/mingo/exec-shield/ANNOUNCE-exec-shield
> as well!

Well, Ulrich can't update Ingo's personal web page.

exec-shield-randomize defaults to on, and randomizes some addresses
to make attacks harder.  Unfortunately, for people trying to debug
and reproduce problems, it can make debugging harder, so this allows
you to turn off the randomization but leave the rest of exec-shield
in place.

1 is default: ELF binaries with PT_GNU_STACK (essentially, built with
tools that are aware of exec-shield) have a new VM layout; those with
the PF_X bit set will have an executable stack.  All other binaries
get no change from default (say, Loki games...).

0 entirely disables all the effects of exec-shield, including
exec-shield-randomize.

2 enables every exec-shield unconditionally (modulo exec-shield-randomize)
regardless of the type of executable loaded.  This WILL break programs,
and is generally discouraged, but you've got enough rope to hang yourself
and break your Loki games.  :-)

I think I got the essentials right there.  :-)

michaelkjohnson

 "He that composes himself is wiser than he that composes a book."
 Linux Application Development                     -- Ben Franklin
 http://people.redhat.com/johnsonm/lad/
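
As an added illustration (not part of the original message and not exec-shield code), the following Python reads an ELF file's program headers, reports whether a PT_GNU_STACK entry is present and whether its PF_X bit is set, and maps that to the behaviour of modes 0, 1 and 2 as described above. The function names and the `sample_elf32` builder are hypothetical, and the sample bytes it produces are constructed.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permissions
PF_X = 0x1                 # "executable" bit in p_flags

def gnu_stack_status(elf: bytes) -> str:
    """Return 'no-marker', 'exec-stack' or 'noexec-stack' for an ELF image."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    try:
        is64 = {1: False, 2: True}[elf[4]]   # EI_CLASS
        end = {1: "<", 2: ">"}[elf[5]]       # EI_DATA
        phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 0x20 if is64 else 0x1C)
        entsize, phnum = struct.unpack_from(end + "HH", elf, 0x36 if is64 else 0x2A)
        for i in range(phnum):
            off = phoff + i * entsize
            p_type, = struct.unpack_from(end + "I", elf, off)
            if p_type == PT_GNU_STACK:
                # p_flags follows p_type in ELF64 but sits at offset 24 in ELF32
                flags, = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
                return "exec-stack" if flags & PF_X else "noexec-stack"
    except (KeyError, IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ELF header") from exc
    return "no-marker"

def exec_shield_effect(mode: int, status: str) -> str:
    """Effect of exec-shield mode 0/1/2 on a binary, following the message above."""
    if mode == 0:
        return "disabled"
    if mode == 2:
        return "applied unconditionally"
    if status == "no-marker":
        return "no change from default"
    stack = "executable" if status == "exec-stack" else "not executable"
    return "new VM layout, stack " + stack

def sample_elf32(p_flags=None) -> bytes:
    """Constructed input: bare little-endian ELF32 header, optional PT_GNU_STACK."""
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 3, 1, 0, 52,
                       0, 0, 52, 32, 0 if p_flags is None else 1, 0, 0, 0)
    if p_flags is None:
        return ehdr
    return ehdr + struct.pack("<8I", PT_GNU_STACK, 0, 0, 0, 0, 0, p_flags, 4)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, gnu_stack_status(fh.read()))
```

Run with one or more file paths as arguments to print each binary's marker status; a legacy binary built without the marker reports `no-marker`.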