1 |
Hi! |
2 |
|
3 |
On Mon, Nov 10, 2008 at 12:31:17PM +0100, atoth@××××××××××.hu wrote: |
4 |
> Question is: do you use a hardened toolchain pie-ssp enabled, or a |
5 |
> regular? It would be interesting to test it using a non-hardened userland |
6 |
> with a grsec-enabled kernel... |
7 |
|
8 |
I use hardened toolchain, but it's ease to test with non-hardened: |
9 |
|
10 |
home ~ # gcc-config -l |
11 |
[1] i686-pc-linux-gnu-3.4.6 * |
12 |
[2] i686-pc-linux-gnu-3.4.6-hardenednopie |
13 |
[3] i686-pc-linux-gnu-3.4.6-hardenednopiessp |
14 |
[4] i686-pc-linux-gnu-3.4.6-hardenednossp |
15 |
[5] i686-pc-linux-gnu-3.4.6-vanilla |
16 |
home ~ # gcc-config 5 |
17 |
home ~ # source /etc/profile |
18 |
home ~ # emerge perl coreutils |
19 |
... |
20 |
|
21 |
No, that doesn't change anything. The |
22 |
perl -e 'exec $ARGV[0]' /bin/pwd |
23 |
is still report in kernel log: |
24 |
2008-11-10_12:22:46.77911 kern.alert: grsec: denied resource overstep by |
25 |
requesting 164823040 for RLIMIT_STACK against limit 8388608 for |
26 |
/bin/pwd[pwd:25759] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1828] |
27 |
uid/euid:0/0 gid/egid:0/0 |
28 |
|
29 |
-- |
30 |
WBR, Alex. |