[grsec] PaX
Banszki Gabor
banszki.gabor at chello.hu
Tue May 3 16:17:48 EDT 2005
Dear pageexec at freemail.hu,
You make me curious.....
I am using Debian Sid with Vanilla 2.6.11.7-grsec
Is it possible to compile a Position Independent Executable on Debian?
Should I replace my gcc for this? To what?
Is there somewhere a gcc and binutils debian packagse what support
"-fpie" and "fPIE" options?
Is there here enough things for this issue? (I don't think so):
http://www.grsecurity.net/debian/dists/unstable/main/binary-i386/
Should I use Gentoo?
Thanx
On Mon, 2005-05-02 at 23:53 +0100, pageexec at freemail.hu wrote:
> > I tested it with 0.9.6 with same result. The result seems to be true.
> >
> > And I just can see the grsecurity-2.1.5 does not contain the
> >
> > CONFIG_PAX_RANDEXEC
> >
> > feature.
>
> only the config option was removed and it's because RANDEXEC
> is being obsoleted. the solution for main executable randomization
> is PIE, for detecting some ret2libc attacks one can use SSP,
> else there's nothing you can do right now (so even if a given
> approach passes the ret2libc attack simulations of paxtest,
> it doesn't mean it can detect all variations, therefore it's
> far from being a guarantee).
>
--
Banszki Gabor <banszki.gabor at chello.hu>
More information about the grsecurity
mailing list