[grsec] PaX
Banszki Gabor
banszki.gabor at chello.hu
Mon May 2 11:19:34 EDT 2005
Hi guys,
I just patched a kernel 2.6.11.7 with grsec, and activated the PaX flags
below:
grsec:/usr/src/linux# cat .config | grep PAX | grep -v set
CONFIG_PAX=y
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
CONFIG_PAX_DEFAULT_SEGMEXEC=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
CONFIG_PAX_NOVSYSCALL=y
After the paxtest-0.9.5 I have 5 remaining vulnerablity:
ain executable randomisation (ET_EXEC) : No randomisation
Return to function (strcpy) : Vulnerable
Return to function (strcpy, RANDEXEC) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
I read all documents on http://pax.grsecurity.net, but I don't
understand what is the cause of this?
What do I have to do for activating these 5 features?
Thank you....
Gabor Banszki
More information about the grsecurity
mailing list