In computer security, PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. This approach allows computer programs to do only what they have to be able to do to execute properly, and nothing more. PaX flags data memory as non-executable and program memory as non-writable; and randomly arranges the program memory. This effectively prevents many security exploits, such as those stemming from buffer overflows. The former prevents direct code injection absolutely; while the latter makes so-called return-to-libc (ret2libc) attacks indeterminate, relying on luck to succeed. PaX was first released in the year 2000. (more...)
Recently featured: Behistun Inscription – Laika – Common scold