hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
[20060516] PaX, kauth(9), and beyond
Elad Efrat has been working on kauth(9) in the past, and he has committed it to NetBSD-current now. See his original proposal of all the details about the framework, which basically can be used to authorize access to various kernel mechanisms. After kauth(9) is now committed, the implementation of secure levels is the first thing that will be re-implemented based on kauth(9), see Elad's mail to tech-security for an analysis of the current secure levels, and a way to map them onto the kauth(9) framework.

In the mean time while this is hashed out, Elad has also committed his work on PaX MPROTECT, which offers mprotect(2) restrictions used to strengthen W^X mappings. More information on PaX is available in Elad's initial proposal and at the grsecurity site.

[Tags: , , ]

Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 32370522
Copyright (c) Hubert Feyrer