Exec Shield is a security patch for the Linux kernel that adds NX (No eXecute) bit emulation to x86 CPUs. It was developed by Ingo Molnar of Red Hat, and is used as a part of Fedora Core 1, 2, 3, 4 and 5.
Exec Shield attempts to flag data memory as non-executable and program memory as non-writeable. This suppresses many security exploits, such as those stemming from buffer overflows and other techniques relying on overwriting data and inserting code into those structures. Exec Shield also supplies some address space layout randomization for the mmap() and heap base.
The patch additionally increases the difficulty of inserting and executing shellcode, rendering most exploits useless. No application recompilation is necessary to fully utilize Exec Shield, although some applications (Mono, Wine, XEmacs) are not fully compatible.
Implementation
Exec Shield works on all x86 CPUs by utilizing the Code Segment (CS) limit. Because of the way Exec Shield works, it is very lightweight; however, it won't fully protect arbitrary virtual memory layouts. If the CS limit is raised, for example by calling mprotect() to make higher memory executable, then the protections are lost below that limit. Ingo Molnar points this out in an e-mail conversation. Fortunately, most applications are fairly sane in this respect; the stack (the important part) at least winds up above any mapped libraries, so it doesn't become executable except by explicit calls by the application.
As of August 2004, Exec Shield does not attempt to enforce memory protections by restricting mprotect() on any architecture; although memory may not initially be executable, it may become executable later. Exec Shield will allow an application to mark memory pages as both writable and executable at the same time.
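The effect of the CS limit and of an unrestricted mprotect() can be audited from a process's memory map. The C program below is an added example, not code from Exec Shield or from the original page; it assumes a simplified model in which the CS limit equals the end of the highest executable mapping, and it runs on two constructed /proc/<pid>/maps-style samples (BEFORE, AFTER, struct audit and audit_maps are hypothetical names).

```c
#include <stdio.h>
#include <string.h>

/* Constructed 32-bit /proc/<pid>/maps samples, not taken from a real process. */
static const char *BEFORE =
    "00110000-00240000 r-xp 00000000 08:01 1001 /lib/libc.so\n"
    "08048000-08050000 r-xp 00000000 08:01 2002 /usr/bin/app\n"
    "08050000-08051000 rw-p 00008000 08:01 2002 /usr/bin/app\n"
    "09000000-09021000 rw-p 00000000 00:00 0 [heap]\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]\n";
/* The same layout after the application mprotect()s its heap to W+X. */
static const char *AFTER =
    "00110000-00240000 r-xp 00000000 08:01 1001 /lib/libc.so\n"
    "08048000-08050000 r-xp 00000000 08:01 2002 /usr/bin/app\n"
    "08050000-08051000 rw-p 00008000 08:01 2002 /usr/bin/app\n"
    "09000000-09021000 rwxp 00000000 00:00 0 [heap]\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0 [stack]\n";

struct audit { unsigned long limit; int exposed; int wx; };

/* Assumed model: CS limit = end of the highest executable mapping. */
static struct audit audit_maps(const char *maps)
{
    struct audit a = {0, 0, 0};
    unsigned long start, end;
    char perms[5];
    const char *p;
    /* Pass 1: find the limit and count mappings that are both W and X. */
    for (p = maps; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        if (sscanf(p, "%lx-%lx %4s", &start, &end, perms) != 3) continue;
        if (perms[2] != 'x') continue;
        if (end > a.limit) a.limit = end;
        if (perms[1] == 'w') a.wx++;
    }
    /* Pass 2: count non-executable mappings that sit below the limit. */
    for (p = maps; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        if (sscanf(p, "%lx-%lx %4s", &start, &end, perms) != 3) continue;
        if (perms[2] != 'x' && start < a.limit) a.exposed++;
    }
    return a;
}

int main(void)
{
    struct audit b = audit_maps(BEFORE), a = audit_maps(AFTER);
    printf("before: limit=%#lx exposed=%d wx=%d\n", b.limit, b.exposed, b.wx);
    printf("after:  limit=%#lx exposed=%d wx=%d\n", a.limit, a.exposed, a.wx);
    return 0;
}
```

In both samples the stack stays above the limit, while the application's data segment falls below it once the heap is made executable.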
History
This covers Exec Shield's release history. Implementation of PT_GNU_STACK and PT_GNU_HEAP binary markings and the deprecation of PT_GNU_HEAP are not yet covered here, nor is information on Exec Shield's minimal ASLR.
- May 2003: Exec Shield first released