[rsbac] Fwd: some PaX Q&A

Amon Ott ao at rsbac.org
Wed Feb 26 11:16:53 MET 2003


----------  Forwarded Message  ----------

Subject: some PaX Q&A
Date: Wed, 26 Feb 2003 01:13:14 +0100
From: pageexec at freemail.hu
To: Amon Ott <ao at rsbac.org>

hello,

i was just browsing the RSBAC mail archives and saw that you and
others were discussing PaX. i'd like to clarify some of the issues
raised:

1. PaX and Solar Designer's patch: they are unrelated to each other,
   the link on our site is because his is another attempt for a similar
   thing that PaX does (along w/ RSX and kNoX). note also that his
   patch is not a true non-executable patch like PaX, it makes only
   the primary thread's stack non-executable (and only the upper 8 MB
   of it, but that's probably not a problem in real life for most apps).

2. stability: anything before last december is not comparable in quality
   to the current patches, so (bad) experiences based on them should be
   reevaluated before making a decision.

3. recompilation/linking: this is indeed the encouraged way to fully
   utilize randomization, and since one of the guys seems to be working
   on a distro (trusted debian if i'm not mistaken), it'd actually be an
   interesting initiative to begin to provide new make targets for the
   most affected daemons and produce the ET_DYN ELF executables without
   further user intervention. for some examples you can take a look at
   http://www.grsecurity.net/grsec-et_dyn.tar.gz which should give you
   an idea about the changes needed (normally a few lines of change in
   the makefiles). also check out et_dyn.zip on the PaX site, it'll be
   needed to produce position independent executables.



-------------------------------------------------------

-- 

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22


More information about the rsbac mailing list