[grsec] PaX
Banszki Gabor
banszki.gabor at chello.hu
Mon May 2 13:27:57 EDT 2005
Rene and Peter,
Thank you for your quick answers.
I tested it with 0.9.6 with the same result. The result seems to be true.
And I can just see that grsecurity-2.1.5 does not contain the
CONFIG_PAX_RANDEXEC feature.
Thank you again
Gabor
On Mon, 2005-05-02 at 18:40 +0200, Peter S. Mazinger wrote:
> On Mon, 2 May 2005, Banszki Gabor wrote:
>
> > Hi guys,
> >
> >
> > I just patched a kernel 2.6.11.7 with grsec, and activated the PaX flags
> > below:
> >
> > grsec:/usr/src/linux# cat .config | grep PAX | grep -v set
> > CONFIG_PAX=y
> > CONFIG_PAX_SOFTMODE=y
> > CONFIG_PAX_EI_PAX=y
> > CONFIG_PAX_PT_PAX_FLAGS=y
> > CONFIG_PAX_NO_ACL_FLAGS=y
> > CONFIG_PAX_NOEXEC=y
> > CONFIG_PAX_PAGEEXEC=y
> > CONFIG_PAX_SEGMEXEC=y
> > CONFIG_PAX_DEFAULT_SEGMEXEC=y
> > CONFIG_PAX_MPROTECT=y
> > CONFIG_PAX_ASLR=y
> > CONFIG_PAX_RANDKSTACK=y
> > CONFIG_PAX_RANDUSTACK=y
> > CONFIG_PAX_RANDMMAP=y
> > CONFIG_PAX_NOVSYSCALL=y
> >
> > After the paxtest-0.9.5 I have 5 remaining vulnerabilities:
> >
> > Main executable randomisation (ET_EXEC) : No randomisation
> > Return to function (strcpy) : Vulnerable
> > Return to function (strcpy, RANDEXEC) : Vulnerable
> > Return to function (memcpy) : Vulnerable
> > Return to function (memcpy, RANDEXEC) : Vulnerable
>
> the 4 vulnerable funcs are normal, those can be solved by building your
> apps w/ ssp enabled gcc and/or use RBAC.
> the ET_EXEC randomization depends on your arch/libc.
>
> The test itself could be wrong too, try paxtest-0.9.6 (or newer).
>
> Peter
>
--
Banszki Gabor <banszki.gabor at chello.hu>