kNoX - implementation of a non-executable page protection mechanism

kNoX adds a non-executable page protection mechanism to the Linux kernel on the i386 architecture. The implementation is very effective and has no measurable impact on system performance, so it appears to be the fastest of all available similar solutions.


The non-executable page protection mechanism is the essential security feature of the kNoX patch. However, it also provides some extra features, mostly taken from the Openwall patch:

  • Destroying shared memory segments that are not in use by any process
  • Enforcing RLIMIT_NPROC on execve(2) system call
  • Special handling of fd 0, 1, and 2, assurance that these FDs are always open
  • Restricted /proc kernel interface
  • Restricted FIFOs in +t directories
  • Restricted links in +t directories
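The fd 0, 1 and 2 assurance listed above is a kernel-side guard against a privileged program being started with a standard descriptor closed, so that the first file it opens would silently become its "stdout" or "stderr". The same check can be made from userspace, which is what the following added C example shows (it is not kNoX's own code; the function names are ours): any closed standard descriptor is pointed at /dev/null before the program opens anything else.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Return 1 if fd refers to an open file description, 0 if it is closed. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Make sure descriptors 0, 1 and 2 are open, attaching /dev/null to any
 * that is not.  Returns the number of descriptors that had to be opened,
 * or -1 if /dev/null could not be opened or duplicated. */
int ensure_std_fds_open(void)
{
    int reopened = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;

        /* stdin is opened read-only, stdout/stderr write-only. */
        int nullfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nullfd == -1)
            return -1;

        /* open() returns the lowest free descriptor, so nullfd normally
         * already equals fd; dup2() covers the case where it does not. */
        if (nullfd != fd) {
            if (dup2(nullfd, fd) == -1) {
                close(nullfd);
                return -1;
            }
            close(nullfd);
        }
        reopened++;
    }
    return reopened;
}

/* A privileged program would call this first thing in main(). */
int main(void)
{
    return ensure_std_fds_open() < 0 ? 1 : 0;
}
```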

kNoX is run-time configurable via the sysctl interface.

Currently, the only available version is intended for 2.2.x kernels.

For more details refer to the README file shipped with the source tarball.

Latest stable version: none
Latest pre-release version: 2.2.20-rc2 (Changelog)
Latest development version: none

      Copyright © 2001-2015 iSEC Security Research. All rights reserved.