version 1.1, 2003/03/25 21:50:10 |
version 1.2, 2003/03/25 21:54:34 |
|
|
<a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a> |
<a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a> |
stack protection technology into the system compiler. This protection is |
stack protection technology into the system compiler. This protection is |
enabled by default. |
enabled by default. |
|
<p> |
|
|
<li>W^X (pronounced: "W or X") binaries on ELF architectures. This is |
<li>W^X (pronounced: "W or X") binaries on ELF architectures. This is |
a fine-grained memory permissions layout, ensuring that memory which can be |
a fine-grained memory permissions layout, ensuring that memory which can be |
|
|
This raises the bar on potential buffer overflows and other attacks. |
This raises the bar on potential buffer overflows and other attacks. |
<p> |
<p> |
|
|
<li>Still more reduction in setuid binaries. |
<li>Still more reduction in setuid and setgid binaries, and more chroot |
|
use throughout the system. |
<p> |
<p> |
|
|
<li>The X window system uses privilege separation, for better security. |
<li>The X window system uses privilege separation, for better security. |
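Review bot: The reworded item in 1.2 ("Still more reduction in setuid and setgid binaries, and more chroot use throughout the system.") names no programs, so a reader cannot tell which binaries lost their setuid or setgid bit or which parts of the system now run in a chroot. The W^X item above explains what its change does ("a fine-grained memory permissions layout"); consider giving this item the same treatment by listing the affected programs or pointing to the relevant changelog entries. As a wording point, "more chroot use" would read more clearly as "more use of chroot".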