| version 1.13, 2003/09/04 18:23:19 |
version 1.14, 2003/09/04 19:15:21 |
|
|
| |
|
| <li>Further W^X improvements, including support for the i386 architecture. |
<li>Further W^X improvements, including support for the i386 architecture. |
| Native i386 binaries have their executable segments rearranged to support |
Native i386 binaries have their executable segments rearranged to support |
| isolating code from data. |
isolating code from data, and the cpu CS limit is used to impose a best |
| |
effort limit on code execution. |
| <p> |
<p> |
| |
|
| <li>ld.so on ELF platforms now loads libraries in a random order for |
<li>ld.so on ELF platforms now loads libraries in a random order for |
| greater resistance to attacks. The i386 architecture also has libraries |
greater resistance to attacks. The i386 architecture also maps libraries |
| mapped at random addresses. Along with W^X, these changes increase the |
somewhat randomized addresses. Together with W^X and ProPolice, these |
| difficulty of successfully exploiting an application error, such as a |
changes increase the difficulty of successfully exploiting an application |
| buffer overflow. |
error, such as a buffer overflow. |
| <p> |
<p> |
| |
|
| <li>A static bounds checker has been added to the compiler to perform basic |
<li>A static bounds checker has been added to the compiler to perform basic |
![[BACK]](/icons/back.gif){kind=icon}
Return to 34.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www