PaX

In the field of computer security, PaX is a patch for the Linux kernel. PaX was created in 2000 and takes an approach that allows computer programs to do only what they need in order to run properly, and nothing more.

One of the mechanisms it implements is that each memory segment can be accessed either for writing or for execution, but never both. In particular, this makes the exploitation of buffer overflows more difficult. This restriction already existed at the hardware level on certain architectures, but PaX is a software implementation. Other implementations of the same scheme exist for other operating systems, including W^X for OpenBSD.

AMD64 processors (among others) provide this mechanism at the hardware level, but the operating system must support it for it to be used.

On March 4th 2005, an announcement stated that PaX would be definitively abandoned on April 1st 2005, following the discovery of critical flaws that made the system exploitable, even remotely, which, in the author's words, discredited it with regard to what it had been fighting up to that point. It is not the first time that critical flaws have been discovered in programs whose very purpose is to increase the security of the system. The intrusion detection system Snort, for example, was also targeted by attackers who exploited security flaws that had been discovered in it and announced shortly before.

These flaws have since been patched, but new flaws are constantly being discovered. The complexity of these programs makes the eradication of security bugs impossible to guarantee, humans being fallible. Moreover, new types of security flaw are constantly being discovered.

Brad Spengler offered to take over the project.

External links

  • Official site

  • Exploit Mitigation Techniques (on OpenBSD)
