version 1.13, 2003/09/04 18:23:19 |
version 1.14, 2003/09/04 19:15:21 |
|
|
|
|
<li>Further W^X improvements, including support for the i386 architecture. |
<li>Further W^X improvements, including support for the i386 architecture. |
Native i386 binaries have their executable segments rearranged to support |
Native i386 binaries have their executable segments rearranged to support |
isolating code from data. |
isolating code from data, and the cpu CS limit is used to impose a best |
|
effort limit on code execution. |
<p> |
<p> |
|
|
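Review bot: In the clause added on the new side ("the cpu CS limit is used to impose a best effort limit on code execution"), "best effort" is left unexplained, so a reader cannot tell what the i386 protection does not cover. Suggest adding a short phrase saying in what way the limit is only best effort. Style: write "CPU" and hyphenate "best-effort limit".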
<li>ld.so on ELF platforms now loads libraries in a random order for |
<li>ld.so on ELF platforms now loads libraries in a random order for |
greater resistance to attacks. The i386 architecture also has libraries |
greater resistance to attacks. The i386 architecture also maps libraries |
mapped at random addresses. Along with W^X, these changes increase the |
somewhat randomized addresses. Together with W^X and ProPolice, these |
difficulty of successfully exploiting an application error, such as a |
changes increase the difficulty of successfully exploiting an application |
buffer overflow. |
error, such as a buffer overflow. |
<p> |
<p> |
|
|
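Review bot: The rewritten sentence on the new side lost its preposition: "The i386 architecture also maps libraries somewhat randomized addresses" should read "maps libraries at somewhat randomized addresses" (the old side had "mapped at random addresses"). The new text also brings in ProPolice alongside W^X; if no earlier item in this list introduces it, link it or point to the item that does, so the sentence stands on its own.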
<li>A static bounds checker has been added to the compiler to perform basic |
<li>A static bounds checker has been added to the compiler to perform basic |