[grsec] PaX
pageexec at freemail.hu
pageexec at freemail.hu
Mon May 2 18:53:59 EDT 2005
> I tested it with 0.9.6 with same result. The result seems to be true.
>
> And I just can see the grsecurity-2.1.5 does not contain the
>
> CONFIG_PAX_RANDEXEC
>
> feature.
only the config option was removed and it's because RANDEXEC
is being obsoleted. the solution for main executable randomization
is PIE, for detecting some ret2libc attacks one can use SSP,
else there's nothing you can do right now (so even if a given
approach passes the ret2libc attack simulations of paxtest,
it doesn't mean it can detect all variations, therefore it's
far from being a guarantee).
More information about the grsecurity
mailing list