[grsec] randomize_va_space and PaX ASLR : bad interactions ?

Tristan de Cacqueray tweety.list at gmail.com
Fri Jan 13 14:03:38 EST 2006


On 1/13/06, pageexec at freemail.hu <pageexec at freemail.hu> wrote:
> On 13 Jan 2006 at 17:13, Tristan de Cacqueray wrote:
> > OK, then I was wondering if you disabled the 2.6's own randomization.
>
> when ASLR is enabled (in the kernel config and on your executables)
> then PaX will override the kernel's randomization and do its own as
> it always did.
>
> if you disable ASLR on your executables (via paxctl or the ACLs) then
> the kernel's own will kick in (modulo the randomize_va_space sysctl).
>
> if you want to completely disable ASLR at runtime then you can set the
> kernel's own sysctl to turn off both PaX and the kernel's randomization.
>
> i know it sounds like a mess but it's not of my making, i just tried
> to make the most reasonable decision to coexist. maybe the whole exercise
> is not worth it and i should just remove the conflicting kernel code.
>
>

Thanks for clarifying !


More information about the grsecurity mailing list