Herald ten Dam wrote: >....In paragraph 2.9.9 it stated: "Starting with the 2.6.x >kernel releases, Linux offers Address Space Layout >Randomization (ASLR) and the No-eXecute (NX bit) for >mitigation of buffer overflow attacks." So possibly it >is in sles11, but certaintly in sles12.
That statement is generic and varies by architecture. For example, KASLR (Kernel Address Space Layout Randomization) on s390x architecture debuted in Linux kernel 5.2. Linux distributors pretty routinely backport new features to earlier kernel release levels, and it looks like SUSE has done that for KASLR on s390x with SUSE 15 SP1 at least. Mark Post probably has more details how far back it goes, but I wouldn't assume any SLES 12 or prior. Back to Victor's original question for a moment: >Does anyone knows is under z/Linux, SUSE, exist a feature >to protect from buffer overflow attacks? Yes, please have a look at Secure Execution for Linux and IBM Hyper Protect Virtual Servers (with Secure Build) as critical security enablers for this class of issues and others. For example, SUSE introduced support for Secure Execution for Linux with SLES 15 SP2. A few more details are available on SUSE's blog here: https://www.suse.com/c/security-at-the-core-suse-support-for-the-new-ibm-z15-and-linuxone/ SUSE released SLES 15 SP2 in July, 2020. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
