| 1 |
Hi! |
| 2 |
|
| 3 |
On Mon, Nov 10, 2008 at 12:31:17PM +0100, atoth@××××××××××.hu wrote: |
| 4 |
> Question is: do you use a hardened toolchain pie-ssp enabled, or a |
| 5 |
> regular? It would be interesting to test it using a non-hardened userland |
| 6 |
> with a grsec-enabled kernel... |
| 7 |
|
| 8 |
I use hardened toolchain, but it's ease to test with non-hardened: |
| 9 |
|
| 10 |
home ~ # gcc-config -l |
| 11 |
[1] i686-pc-linux-gnu-3.4.6 * |
| 12 |
[2] i686-pc-linux-gnu-3.4.6-hardenednopie |
| 13 |
[3] i686-pc-linux-gnu-3.4.6-hardenednopiessp |
| 14 |
[4] i686-pc-linux-gnu-3.4.6-hardenednossp |
| 15 |
[5] i686-pc-linux-gnu-3.4.6-vanilla |
| 16 |
home ~ # gcc-config 5 |
| 17 |
home ~ # source /etc/profile |
| 18 |
home ~ # emerge perl coreutils |
| 19 |
... |
| 20 |
|
| 21 |
No, that doesn't change anything. The |
| 22 |
perl -e 'exec $ARGV[0]' /bin/pwd |
| 23 |
is still report in kernel log: |
| 24 |
2008-11-10_12:22:46.77911 kern.alert: grsec: denied resource overstep by |
| 25 |
requesting 164823040 for RLIMIT_STACK against limit 8388608 for |
| 26 |
/bin/pwd[pwd:25759] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1828] |
| 27 |
uid/euid:0/0 gid/egid:0/0 |
| 28 |
|
| 29 |
-- |
| 30 |
WBR, Alex. |
Archives