Gentoo Archives: gentoo-hardened

From: "Tino Müller" <gnaag@×××.de>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Setting up Hardened Gentoo
Date: Thu, 15 Feb 2007 09:06:48
Message-Id: 20070215090455.209190@gmx.net
In Reply to: Re: [gentoo-hardened] Setting up Hardened Gentoo by pageexec@freemail.hu
pageexec@××××××××.hu wrote:
> On 14 Feb 2007 at 17:09, "Tino Müller" wrote:
>
>> #
>> # Non-executable pages
>> #
>> CONFIG_PAX_NOEXEC=y
>
> maybe if you actually enabled any of the non-exec implementations... ;-)
>

Unfortunately I can't, because the config options are gone.

With ACCEPT_KEYWORDS=x86 the kernel version 2.6.18 is installed. Then I find after running "make menuconfig":

Security options --->
PaX --->
[*] Enable various PaX features
PaX Control --->
[*] Use ELF program header marking
Non-executable pages --->
[*] Enforce non-executable pages
[*] Paging based non-executable pages
[*] Segmentation based non-executable pages
Default non-executable page method (SEGMEXEC) --->
[*] Emulate trampolines
[*] Restrict mprotect()
[*] Disallow ELF text relocations
[*] Enforce non-executable kernel pages

With ACCEPT_KEYWORDS=~x86 the kernel version 2.6.19-r6 is installed. Then I find:

Security options --->
PaX --->
[*] Enable various PaX features
PaX Control --->
[*] Use ELF program header marking
Non-executable pages --->
[*] Enforce non-executable pages


With hardened-sources-2.6.19-r6 I can't enable any of the non-exec implementations.
I tried to enable them by adding the option in the .config file directly, but that didn't change anything.

When I enable Security Level High within the Grsecurity options, then the options are like this:

Security options --->
PaX --->
[*] Enable various PaX features
PaX Control --->
[*] Use ELF program header marking
Non-executable pages --->
--- Enforce non-executable pages
[*] Emulate trampolines
--- Restrict mprotect()
[*] Disallow ELF text relocations
Grsecurity --->
[*] Grsecurity
Security Level (High) --->

But a kernel with these settings doesn't boot, because init is prevented from starting.


I'm installing the system once again. This time with ACCEPT_KEYWORDS=x86 and hardened-sources-2.6.18. I will post the results.

Tino
--
gentoo-hardened@g.o mailing list
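
The condition pointed out in the quoted reply (CONFIG_PAX_NOEXEC=y with no non-exec implementation behind it) can be checked directly against a kernel .config. The script below is an added example, not part of the original message or of the Gentoo or PaX sources. It assumes CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC are the Kconfig symbols behind the "Paging based" and "Segmentation based" menu entries; the sample .config fragments and file names are constructed.

```shell
#!/bin/sh
# Added example: flag a kernel .config that sets CONFIG_PAX_NOEXEC but enables
# neither non-exec implementation (the case in the quoted config fragment).

# kconfig_on FILE SYMBOL: succeeds only if FILE contains the exact line SYMBOL=y.
# Disabled symbols appear as "# SYMBOL is not set" and therefore do not match.
kconfig_on() {
    grep -q "^$2=y\$" "$1"
}

# check_pax_noexec FILE
# Prints a verdict. Returns 0 = at least one implementation enabled,
# 1 = NOEXEC set without any implementation, 2 = NOEXEC not set, 3 = unreadable.
check_pax_noexec() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 3; }
    if ! kconfig_on "$cfg" CONFIG_PAX_NOEXEC; then
        echo "CONFIG_PAX_NOEXEC is not set"
        return 2
    fi
    impl=""
    # Symbol names assumed from the PaX patch; they are not shown in the message.
    for sym in CONFIG_PAX_PAGEEXEC CONFIG_PAX_SEGMEXEC; do
        if kconfig_on "$cfg" "$sym"; then impl="$impl $sym"; fi
    done
    if [ -z "$impl" ]; then
        echo "CONFIG_PAX_NOEXEC=y but no non-exec implementation is enabled"
        return 1
    fi
    echo "non-exec implementations:$impl"
    return 0
}

# Demo on constructed fragments (hypothetical file names).
demo=$(mktemp -d)
cat > "$demo/noexec-only.config" <<'EOF'
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
# CONFIG_PAX_SEGMEXEC is not set
EOF
cat > "$demo/segmexec.config" <<'EOF'
CONFIG_PAX_NOEXEC=y
# CONFIG_PAX_PAGEEXEC is not set
CONFIG_PAX_SEGMEXEC=y
EOF
check_pax_noexec "$demo/noexec-only.config" || echo "  -> exit status $?"
check_pax_noexec "$demo/segmexec.config"
rm -rf "$demo"
```

Run it against the .config as it stands after "make oldconfig" or "make menuconfig", since that is the file the build actually uses.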
