This work presents a code injection prevention technique based on the observation that code injection attacks require a von Neumann memory architecture (that is, an architecture where code and data can come from the same memory space) in order to be successful. We modify the Linux kernel to produce a Harvard architecture (one where code and data are separated) on a per process basis, hence preventing code injection attempts. This work is most similar to the NX-bit in modern processors. (In fact, non-executable pages are a subset of that protection this work provides.)
The system is primarily a patch for Linux 2.6.13. The code, such as it is, is available for download. Feel free to grab a copy from here. There is a bit of documentation inside. If you make improvements, find problems, etc. please pass it along to us.