Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Philipp Riegger <lists@××××××××××××.de>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] NX bit on VIA C7
Date: Wed, 02 May 2007 20:35:47
Message-Id: 80D0C5A7-1851-4222-BFFF-488F7F0489AC@anderedomain.de
In Reply to: Re: [gentoo-hardened] NX bit on VIA C7 by Philipp Riegger
1 On 02.05.2007, at 22:36, Philipp Riegger wrote:
2
3 > I'm not sure wich tests you mean. I'll post the complete log of the
4 > test with hardened sources and the differences between the tests as
5 > soon as i finish them.
6
7 Ok. This is strange now. everything seems to work:
8
9 May 2 19:29:53 chris NX (Execute Disable) protection: active
10 May 2 19:58:20 chris NX (Execute Disable) protection: active
11
12 This are the 2 kernels i booted today. And since i only booted 2
13 kernels today, 1 hardened and 1 vanilla, hardware nx shoul hopefully
14 work now. The paxtest results were also as expected, not hardened was
15 only more vulnerable.
16
17 But:
18
19 I found this demo program on the bug mentioned in my first email (in
20 the link):
21
22 <file name="test.c">
23 #include <dlfcn.h>
24 #include <sys/mman.h>
25 #include <unistd.h>
26
27 int main() {
28 void (*test_func)() = NULL;
29 void *handle;
30 handle = dlopen("./test_so.so", RTLD_NOW);
31 if (!handle)
32 return -1;
33 test_func = dlsym(handle, "prot_test");
34 test_func();
35
36 /*Mprotect it NX*/
37 mprotect( (void*)(((unsigned long)test_func) & ~(getpagesize
38 () - 1)), ge
39 tpagesize(), PROT_READ|PROT_WRITE);
40
41 test_func();
42 return 1;
43 }
44 </file>
45 <file name="test_so.c">
46 #include <stdio.h>
47
48 void prot_test() {
49 printf("Test function run successfully!\n");
50 }
51 </file>
52
53 This should be built using
54 gcc -O2 -shared -fpic test_so.c -o test_so.so
55 gcc -O2 test.c -o test -ldl
56 and on vanilla sources the second one segfaults for me, on hardened
57 sources it works. So hardened sources seem to be wrong. What might be
58 the reason for that?
59
60 Philipp
61 --
62 gentoo-hardened@g.o mailing list

Replies

Subject Author
Re: [gentoo-hardened] NX bit on VIA C7 pageexec@××××××××.hu
Report Message
Find on MARC Find on Google Groups