Gentoo Archives: gentoo-hardened

From: Brian Kroth <bpkroth@××××.edu>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] some pax questions
Date: Wed, 21 Nov 2007 18:51:11
Message-Id: 20071121184909.GF4710@bpkroth-tux.hslc.wisc.edu

Still sifting through the docs, so I apologize if these are answered elsewhere.

- In the docs for ASLR it notes that a side effect is memory space
fragmentation. How is this dealt with, if at all? Perhaps this isn't as big
a problem as I think it is.

- In the pspax output, under MAPS, is w^x meant to indicate that the process has
writable AND executable maps, or that it has writable but NOT executable maps?
I presume the other output, w|x, (which I don't seem to have any of) is an OR,
meaning the process has maps that have both bits set, correct?

- I was going to try setting up a hardened kernel on a machine without the
hardened toolchain a little bit later today. From my reading so far, I won't
get SSP or PIE (by default), and ASLR would use RANDEXEC on ET_EXEC binaries,
rather than RANDMMAP, but everything else should still work - correct?
However, in looking through the kernel on one of my other machines, RANDEXEC
doesn't show up in menuconfig. Will the other two memory areas still be
randomized where applicable? Do I need to just add RANDEXEC manually to my
.config or is there some special combo that hides it?

Thanks,
Brian

Attachments

File name MIME type
smime.p7s application/x-pkcs7-signature

Replies

Subject Author
Re: [gentoo-hardened] some pax questions RB <aoz.syn@×××××.com>
Re: [gentoo-hardened] some pax questions pageexec@××××××××.hu