Exec Shield
{{Short description|Project aiming to reduce the risk of attacks on Linux systems}}
{{Refimprove|date=September 2007}}
'''Exec Shield''' is a project started at [[Red Hat]], Inc. in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a [[computer security|security]] patch for the [[Linux (kernel)|Linux kernel]] that emulates an [[NX bit]] on [[x86]] [[Central processing unit|CPUs]] that lack a native NX implementation in hardware. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.

The first Exec Shield patch attempts to flag data memory as non-executable and program memory as non-writeable. This suppresses many [[Exploit (computer science)|security exploits]], such as those stemming from [[buffer overflow]]s and other techniques that rely on overwriting data and inserting code into those structures. Exec Shield also supplies some [[address space layout randomization]] for the [[mmap]]() and heap base. The patch additionally increases the difficulty of inserting and executing [[shellcode]], rendering most exploits ineffective. No application recompilation is necessary to fully utilize Exec Shield, although some applications ([[Mono (software)|Mono]], [[Wine (software)|Wine]], [[XEmacs]], [[Mplayer]]) are not fully compatible.

Other features that came out of the Exec Shield project were [[Position-independent code|Position Independent Executables]] (PIE), the address space randomization patch for Linux kernels, a wide set of glibc internal security checks that make heap and format string exploits nearly impossible, the GCC [[Fortify Source]] feature, and the port and merge of the GCC [[Buffer overflow protection#GCC Stack-Smashing Protector .28ProPolice.29|stack-protector]] feature.

== Implementation ==
Exec Shield works on all x86 CPUs by utilizing the Code Segment limit.

Because of the way Exec Shield works, it is very lightweight; however, it does not fully protect arbitrary [[virtual memory]] layouts. If the CS limit is raised, for example by calling mprotect() to make higher memory executable, then the protections are lost below that limit. [[Ingo Molnar]] points this out in an e-mail conversation. Most applications are fairly sane in this respect; the stack (the important part) at least winds up above any mapped libraries, so it does not become executable except by explicit calls from the application.

As of August 2004, nothing from the Exec Shield project attempts to enforce memory protections by restricting [[mprotect]]() on any architecture; although memory may not initially be executable, it may become executable later, so the kernel will allow an application to mark memory pages as both writable and executable at the same time. However, in cooperation with the [[Security-Enhanced Linux]] project (SELinux), the standard policy for the [[Fedora (operating system)|Fedora Core]] distribution does prohibit this behavior for most executables, with only a few exceptions for compatibility reasons.
<!--Binary markings: PT_GNU_STACK, PT_GNU_HEAP-->

== History ==
Exec Shield was developed by various people at Red Hat; the first patch, by [[Ingo Molnar]] of Red Hat, was released in May 2003. It is part of Fedora Core 1 through 6 and Red Hat Enterprise Linux since version 3.<ref>{{cite web|url=http://docs.fedoraproject.org/release-notes/fc1/x86/ |title=Fedora Core 1 Release Notes |access-date=2007-10-18 |date=November 2003 |work=Red Hat, Inc. |archive-url=https://web.archive.org/web/20031202145058/http://fedora.redhat.com/docs/release-notes/ |archive-date=2003-12-02 }}</ref><ref>{{cite web|url=http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf |title=New Security Enhancements in Red Hat Enterprise Linux v.3, update 3 |access-date=2007-10-18 |last=van de Ven |first=Arjan |date=August 2004 |work=Red Hat, Inc. |archive-url=https://web.archive.org/web/20050512030425/http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf |archive-date=2005-05-12 }}</ref> Other people involved include Jakub Jelínek, [[Ulrich Drepper]], Richard Henderson and Arjan van de Ven. Molnar commented in 2007 on [[LWN.net]] that "bits of [exec-shield] went upstream, but a fair chunk didn't."<ref>{{cite web |title=time it takes to get a project into the upstream kernel [LWN.net] |url=https://lwn.net/Articles/242912/ |website=lwn.net}}</ref>

== See also ==
{{Portal|Free and open-source software}}
*[[NX bit]]
*[[Openwall]]
*[[StackGuard]]
*[[W^X]]

==References==
<references />

==External links==
*[http://people.redhat.com/mingo/exec-shield/ Ingo Molnar's Exec Shield patch web page] {{Webarchive|url=https://web.archive.org/web/20160304193747/http://people.redhat.com/mingo/exec-shield/ |date=2016-03-04 }}, includes documentation in the file [http://people.redhat.com/mingo/exec-shield/ANNOUNCE-exec-shield ANNOUNCE-exec-shield] {{Webarchive|url=https://web.archive.org/web/20040805092843/http://people.redhat.com/mingo/exec-shield/ANNOUNCE-exec-shield |date=2004-08-05 }}
*[https://web.archive.org/web/20050207064757/http://www.newsforge.com/os/03/05/02/1914223.shtml?tid=23 Newsforge Feature Article]
*[https://web.archive.org/web/20070208094418/http://www.redhat.com/magazine/009jul05/features/execshield/ Red Hat Magazine Feature/Project Article]
*[http://seclists.org/dailydave/2007/q2/107 Negative security issues with ExecShield]

{{Linux kernel}}

[[Category:Linux]]
[[Category:Linux security software]]
[[Category:Operating system security]]
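The Implementation section notes that Exec Shield itself never restricts mprotect(), so a page can become writable and executable at once unless a policy such as Fedora's SELinux configuration denies it. The following C program is an added example (not part of the article or the Exec Shield project) that audits its own address space for such W+X mappings by parsing /proc/self/maps and then performs the RW-to-RWX transition the text describes, reporting whether the kernel or policy permitted it; the maps line layout assumed is the standard Linux one.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Return 1 if a /proc/<pid>/maps line describes a mapping that is both
 * writable and executable, else 0. A maps line begins
 * "start-end perms ..." where perms looks like "rwxp". */
int maps_line_is_wx(const char *line)
{
    char perms[5] = {0};
    if (sscanf(line, "%*lx-%*lx %4s", perms) != 1)
        return 0;
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count W+X mappings in the running process by scanning /proc/self/maps.
 * Returns -1 if /proc cannot be read. */
int count_wx_mappings(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    char line[512];
    int n = 0;
    while (fgets(line, sizeof line, f))
        n += maps_line_is_wx(line);
    fclose(f);
    return n;
}

int main(void)
{
    long pg = sysconf(_SC_PAGESIZE);
    int before = count_wx_mappings();

    /* Map a page read/write (as a JIT or data buffer would), then ask for
     * PROT_EXEC as well via mprotect(): the later transition to executable
     * memory that Exec Shield alone does not block. */
    void *p = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) { perror("mmap"); return 1; }
    int rc = mprotect(p, pg, PROT_READ | PROT_WRITE | PROT_EXEC);
    int after = count_wx_mappings();
    printf("mprotect(RWX) %s; W+X mappings before=%d after=%d\n",
           rc == 0 ? "permitted" : "denied (e.g. SELinux execmem)",
           before, after);
    munmap(p, pg);
    return 0;
}
```

On a host whose policy denies execmem, mprotect() fails with EACCES and the W+X count does not change; on a stock kernel without such a policy the count rises by one, which is exactly the gap the article attributes to Exec Shield on its own.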