| 1 |
On 9 Jan 2007 at 9:43, Adam James wrote: |
| 2 |
|
| 3 |
> On my hardened amd64 system, ts will not run at all, even with all |
| 4 |
> protections disabled via chpax. However, when using chpax to disable |
| 5 |
> PAGE_EXEC on an i386 system, ts will start. This led me to believe that |
| 6 |
> on architectures where the NX bit is supported natively by the |
| 7 |
> kernel/Pax [1], the protection cannot be disabled on a per-binary |
| 8 |
> basis. Perhaps someone more knowledgeable can clarify this? |
| 9 |
|
| 10 |
i just posted an explanation for this behaviour and would also |
| 11 |
add here that in the vanilla kernel there's a way to control |
| 12 |
(simulate) the older 'read implies exec' behaviour (which would |
| 13 |
be an alternative to hexediting the program header): it's |
| 14 |
determined by the PT_GNU_STACK program header. if it's not |
| 15 |
present or specifies RWE rights then the 'read implies exec' |
| 16 |
personality will be automatically turned on (that is, when |
| 17 |
PaX/MPROTECT is already disabled on the binary). so execstack -s |
| 18 |
may also get such apps to work. |
| 19 |
|
| 20 |
|
| 21 |
-- |
| 22 |
gentoo-hardened@g.o mailing list |
Archives