When
needed, PaX uses a fallback method (PAGEEXEC), which is slower but also very reliable.
Red Hat Enterprise Server and Fedora offer the ExecShield implementation of nonexecutable
memory pages. Although quite effective, it has been found to be vulnerable
under certain circumstances and to allow data to be executed.
Address Space Layout Randomization (ASLR)
The intent of ASLR is to randomize the following memory objects:
• Executable image
• Brk-managed heap
• Library images
• Mmap-managed heap
• User space stack
• Kernel space stack
PaX, in addition to providing non-executable pages of memory, fully implements the
preceding ASLR objectives. GRSecurity (a collection of kernel level patches and scripts)
incorporates PaX and has been merged into many versions of Linux. Red Hat and Fedora
use a Process Independent Executable (PIE) technique to implement ASLR. PIE offers
less randomization than PaX, although they protect the same memory areas. Systems
that implement ASLR provide a high level of protection from "Return to libc" exploits by
randomizing the way the function pointers of libc are called. This is done through the
randomization of the mmap() command and makes finding the pointer to the system()
and other functions nearly impossible.
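To check which of the user-space objects listed above actually move on a given system, the following added example (not from the original text) compares two /proc/<pid>/maps snapshots of the same program. The sample snapshots are constructed, the binary /usr/bin/demo is hypothetical and modeled as a non-PIE build, and the kernel space stack is not covered because it does not appear in the maps file.

```python
# Constructed /proc/<pid>/maps excerpts from two runs of a hypothetical
# non-PIE binary /usr/bin/demo (sample data, not captured from a real host).
RUN_A = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
01c3a000-01c5b000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1e200000-7f3a1e3c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffd4a1e0000-7ffd4a201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
00400000-00401000 r-xp 00000000 08:01 1234 /usr/bin/demo
00e91000-00eb2000 rw-p 00000000 00:00 0 [heap]
7f91b4000000-7f91b4021000 rw-p 00000000 00:00 0
7f91b6600000-7f91b67c0000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc.so.6
7ffe03b5c000-7ffe03b7d000 rw-p 00000000 00:00 0 [stack]
"""

# Pathname column -> object name from the ASLR list ("" = anonymous mapping).
SPECIAL = {"[heap]": "brk-managed heap", "[stack]": "user space stack",
           "": "mmap-managed heap"}

def classify(path, exe):
    """Map a maps-file pathname onto the ASLR object list from the text."""
    if path == exe:
        return "executable image"
    if ".so" in path:
        return "library images"
    return SPECIAL.get(path)             # None for [vdso] and other files

def region_bases(maps_text, exe):
    """Return {region: lowest start address} for one process snapshot."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)     # addr perms offset dev inode [path]
        if len(fields) < 5:
            continue
        start = int(fields[0].split("-")[0], 16)
        region = classify(fields[5].strip() if len(fields) == 6 else "", exe)
        if region:
            bases[region] = min(start, bases.get(region, start))
    return bases

def fixed_regions(run_a, run_b, exe):
    """Regions whose base address was identical in both runs (not randomized)."""
    a, b = region_bases(run_a, exe), region_bases(run_b, exe)
    return sorted(r for r in a if r in b and a[r] == b[r])

if __name__ == "__main__":
    print(fixed_regions(RUN_A, RUN_B, "/usr/bin/demo"))
```

In the constructed data only the executable image stays at the same base, which is the gap a position-independent build closes; the heap, library, mmap and stack bases all differ between runs.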