Security

From Go-OS

Jump to: navigation, search

In order to make 五OS as secure as possible, some common features will be built in the kernel from the very beginning.

NX Bit

Infos: http://en.wikipedia.org/wiki/NX_bit

As most (if not all) 64bits CPUs are supporting NX Bit, it will be used to avoid execution to reach places we don't want it to reach.

W^X

Infos: http://en.wikipedia.org/wiki/W%5EX

Enforce pages to be Writeable OR eXecutable, but never both. A page that was writeable cannot become executable.

Problems:

http://gcc.gnu.org/onlinedocs/gccint/Trampolines.html

Address space layout randomization

Infos: http://en.wikipedia.org/wiki/Address_space_layout_randomization

Make stack and library positions random. Libs are compiled with -fPIC so we won't need anything weird (just one GOT table per process).

Retrieved from "http://www.5os.net/w/index.php?title=Security&oldid=1738"

Views

Personal tools

Log in / create account

Search

Toolbox