Enable ExecShield in Linux to prevent buffer overflow attacks.

    First of all, what is the ExecShield feature in the Linux kernel?

    A brief description would be:

    Exec Shield is a project started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that emulates an NX bit on x86 CPUs that lack a native NX implementation in hardware. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.

    So what is it really?

    Exec Shield provides protection against certain types of buffer overflow attacks. There are many types of exploits ExecShield was designed to combat. The most common and easy-to-exploit vulnerability is the infamous buffer overflow. For example, in a typical function (or subroutine) that uses a fixed-size buffer, data and program code are mixed up, and the processor is tricked into executing what is supposed to be "just data." In fact, this way of exploiting buffer overflows would have been impossible if there was a strict separation between program code (executed but not written to) and application data (written to but never executed). It should be impossible for the processor to execute data.

    Unfortunately, the x86 family of processors does not have a regular method for controlling the execution of memory that contains data. The processor vendors are aware of this issue, and with AMD's launch of the first AMD64 CPUs, the x86(-64) architecture improved, keeping the processor from executing code from the parts of memory marked as data. Intel and other x86 processor vendors quickly followed suit. Today, almost any x86 or x86-64 processor you buy has support for this feature, called NX by AMD (sometimes marketed as "anti-virus protection") and Execute Disable by Intel. The NX technology works by giving each "page" of memory (a page is the unit in which the processor operates on memory with respect to permissions and swapping; equivalent to 4096 bytes on x86) a special "don't execute this" permission.

    How do we enable the protection in Linux if our hardware doesn't have the support?

    Add the lines below to /etc/sysctl.conf:

    kernel.exec-shield = 1
    kernel.randomize_va_space = 1

    Load the settings using sysctl -p.
    Last edited by r00t_; 12th May 2014, 12:57 PM.
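As an added example (not part of the original post), a POSIX shell script that checks whether the CPU advertises NX and reports the two sysctls the post sets. The /proc/cpuinfo excerpt is constructed, the meanings given for kernel.randomize_va_space values follow the kernel documentation, and kernel.exec-shield is assumed to exist only on kernels carrying the Exec Shield patch.

```shell
#!/bin/sh
# has_nx_flag: read /proc/cpuinfo text on stdin; print "yes" if the CPU
# advertises the NX (AMD) / Execute Disable (Intel) flag, else "no".
has_nx_flag() {
    if grep -Eq '^flags[[:space:]]*:.*[[:space:]]nx([[:space:]]|$)'; then echo yes; else echo no; fi
}

# read_sysctl NAME: print the live value of a sysctl, or "missing" when this
# kernel does not provide it (kernel.exec-shield exists only on patched kernels).
read_sysctl() {
    f="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then cat "$f"; else echo missing; fi
}

# describe_aslr VALUE: meaning of kernel.randomize_va_space per the kernel docs.
describe_aslr() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "conservative: stack, mmap base and VDSO randomized" ;;
        2) echo "full: heap (brk) base randomized as well" ;;
        *) echo "unknown value '$1'" ;;
    esac
}

# audit_settings NX EXECSHIELD ASLR: print a report; return 0 only when data pages
# are non-executable (hardware NX or Exec Shield emulation) and ASLR is on.
audit_settings() {
    rc=0
    if [ "$1" = yes ]; then echo "NX bit: supported by CPU"
    else echo "NX bit: not advertised by CPU; Exec Shield emulation is required"; fi
    case "$2" in
        1) echo "kernel.exec-shield = 1 (enabled)" ;;
        missing) echo "kernel.exec-shield: sysctl absent (kernel lacks the patch)"
                 [ "$1" = yes ] || rc=1 ;;
        *) echo "kernel.exec-shield = $2 (disabled)"; rc=1 ;;
    esac
    echo "kernel.randomize_va_space = $3 ($(describe_aslr "$3"))"
    case "$3" in 1|2) ;; *) rc=1 ;; esac
    return $rc
}

# Constructed /proc/cpuinfo excerpt (not captured from a real machine).
SAMPLE_CPUINFO='processor	: 0
flags		: fpu vme pae mce cx8 apic sep nx lm'

# Audit this machine when run as: sh audit_execshield.sh --check
if [ "${1:-}" = "--check" ]; then
    audit_settings "$(has_nx_flag < /proc/cpuinfo)" \
        "$(read_sysctl kernel.exec-shield)" "$(read_sysctl kernel.randomize_va_space)"
fi
```

The exit status is 1 whenever the host neither has hardware NX nor the Exec Shield sysctl enabled, or ASLR is off, so the script can be dropped into a configuration check.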