Gentoo Archives: gentoo-hardened

From: Geoff Kassel <gkassel@×××××××××××××××××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Keeping gentoo-hardened alive (WAS: latest kernel exploit patch for vmsplice coming?)
Date: Fri, 15 Feb 2008 07:55:37
Message-Id: 200802151755.31536.gkassel@users.sourceforge.net
In Reply to: Re: [gentoo-hardened] Keeping gentoo-hardened alive (WAS: latest kernel exploit patch for vmsplice coming?) by atoth@atoth.sote.hu
> Called post-mortem analysis. No tricks, just gdb.

I thought gdb didn't work on code compiled as a PIE? (À la
http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml) If you've had
success in this area, I'd like to know, so I can update the documentation.

My question is - can you get the process running past the point of the PaX
fault? That's what I want to achieve, because not all such faults are
security compromising, and the user may not have had the foresight to set the
PaX markings appropriately before running the application. (The main
limitation of the chpax/paxctl tools.)

> The mechanism is not real-time, the changes should be applied before
> running. However the settings are preserved.

Yes, in the ELF header. I was asking about the possibility of real-time
changes to processes in the future of PaX, as I know about this limitation of
the current chpax/paxctl tools.

Thanks for your assistance, however.

On Fri, 15 Feb 2008, atoth@××××××××××.hu wrote:
> On Fri, February 15, 2008 05:14, Geoff Kassel wrote:
> > Hmm... I didn't know that you could restore a process fully from a core
> > dump - hence the question. (My ignorance is showing again :) How
> > interesting. In that case, there is no difference between the process
> > image serialisation and the coredump, so I'm sorry for wasting your time
> > on that hypothetical.
>
> Called post-mortem analysis. No tricks, just gdb.
>
> > Is such a real-time removal of protections possible with the way PaX is
> > currently implemented? If not, I think it'd be an interesting feature in
> > the eventuality of such a process suspension feature being developed.
>
> Please take a look at paxctl (there's an ebuild for it). MPROTECT can be
> also fine-tuned on a per-process basis. The mechanism is not real-time,
> the changes should be applied before running. However the settings are
> preserved.
>
> Regards,
> Dw.
>
> --
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, 06-30-5962-962
> Attila Toth MD, Radiologist in Training, +36-20-825-8057, +36-30-5962-962
--
gentoo-hardened@l.g.o mailing list
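The thread above says the per-binary PaX settings that paxctl applies live "in the ELF header" and must be set before the process runs. The following is an added example, not code from the thread or from the paxctl project, that shows what that marking actually is: a program header of type PT_PAX_FLAGS (0x65041580) whose p_flags word carries an enable bit and a disable bit for each PaX feature (bit values as defined in PaX's elf.h; the "default" state means neither bit is set and the kernel-wide default applies). It builds a constructed, non-loadable ELF64 image, reads the marking back, decodes it the way paxctl -v reports it, and rewrites one feature the way paxctl -m / -M would. Function names (build_elf, read_pax_flags, decode_pax_flags, set_pax_flag) and the sample image are this example's own assumptions.

```python
import struct

PT_PAX_FLAGS = 0x65041580  # program header type used for PaX markings
PT_LOAD = 1

# Enable/disable bit pairs in the PT_PAX_FLAGS p_flags word (PaX elf.h values).
PAX_FLAG_BITS = {
    "PAGEEXEC": 1 << 4,  "NOPAGEEXEC": 1 << 5,
    "SEGMEXEC": 1 << 6,  "NOSEGMEXEC": 1 << 7,
    "MPROTECT": 1 << 8,  "NOMPROTECT": 1 << 9,
    "RANDEXEC": 1 << 10, "NORANDEXEC": 1 << 11,
    "EMUTRAMP": 1 << 12, "NOEMUTRAMP": 1 << 13,
    "RANDMMAP": 1 << 14, "NORANDMMAP": 1 << 15,
}
FEATURES = ("PAGEEXEC", "SEGMEXEC", "MPROTECT", "RANDEXEC", "EMUTRAMP", "RANDMMAP")

# Little-endian ELF64 file header (64 bytes) and program header (56 bytes).
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
PHDR = struct.Struct("<IIQQQQQQ")


def build_elf(pax_flags):
    """Constructed minimal ELF64 image: one PT_LOAD and one PT_PAX_FLAGS header.
    It is only meant to be parsed, not executed."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS64, LSB, v1
    phnum = 2
    ehdr = EHDR.pack(ident, 2, 62, 1, 0x400000, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, phnum, 0, 0, 0)
    load = PHDR.pack(PT_LOAD, 5, 0, 0x400000, 0x400000, 0, 0, 0x1000)  # R+X
    pax = PHDR.pack(PT_PAX_FLAGS, pax_flags, 0, 0, 0, 0, 0, 8)
    return ehdr + load + pax


def _find_pax_phdr(data):
    """Return the file offset of the PT_PAX_FLAGS program header, or None."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled in this example")
    fields = EHDR.unpack_from(data, 0)
    phoff, phentsize, phnum = fields[5], fields[9], fields[10]
    for i in range(phnum):
        off = phoff + i * phentsize
        (p_type,) = struct.unpack_from("<I", data, off)
        if p_type == PT_PAX_FLAGS:
            return off
    return None


def read_pax_flags(data):
    """p_flags of the PT_PAX_FLAGS header, or None if the binary is unmarked."""
    off = _find_pax_phdr(data)
    if off is None:
        return None
    return struct.unpack_from("<I", data, off + 4)[0]


def decode_pax_flags(p_flags):
    """Per-feature state: 'on', 'off', 'default' (neither bit) or 'conflict' (both)."""
    state = {}
    for feature in FEATURES:
        on = bool(p_flags & PAX_FLAG_BITS[feature])
        off = bool(p_flags & PAX_FLAG_BITS["NO" + feature])
        state[feature] = ("conflict" if on and off else
                          "on" if on else "off" if off else "default")
    return state


def set_pax_flag(data, feature, enabled):
    """Rewrite one feature's bit pair in place (set one bit, clear the other),
    which is what a paxctl marking does; returns the modified image."""
    off = _find_pax_phdr(data)
    if off is None:
        raise ValueError("no PT_PAX_FLAGS header; paxctl -c/-C would create one")
    flags = struct.unpack_from("<I", data, off + 4)[0]
    on_bit, off_bit = PAX_FLAG_BITS[feature], PAX_FLAG_BITS["NO" + feature]
    flags = (flags | on_bit) & ~off_bit if enabled else (flags | off_bit) & ~on_bit
    out = bytearray(data)
    struct.pack_into("<I", out, off + 4, flags & 0xFFFFFFFF)
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: MPROTECT disabled (as for a JIT), RANDMMAP explicitly on.
    img = build_elf(PAX_FLAG_BITS["NOMPROTECT"] | PAX_FLAG_BITS["RANDMMAP"])
    print(decode_pax_flags(read_pax_flags(img)))
    img = set_pax_flag(img, "MPROTECT", True)   # re-enable, like paxctl -M
    print(decode_pax_flags(read_pax_flags(img)))
```

Because the marking is a field in the on-disk image, the kernel reads it once at execve; that is exactly why a change made with paxctl only takes effect for the next run of the program and not for a process that is already faulting, which is the limitation discussed above.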