1 |
> Called post-mortem analysis. No tricks, just gdb. |
2 |
|
3 |
I thought gdb didn't work on code compiled as a PIE? (Ala |
4 |
http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xml) If you've had |
5 |
success in this area, I'd like to know, so I can update the documentation. |
6 |
|
7 |
My question is - can you get the process running past the point of the PaX |
8 |
fault? That's what I want to achieve, because not all such faults are |
9 |
security compromising, and the user may not have had the foresight to set the |
10 |
PaX markings appropriately before running the application. (The main |
11 |
limitation of the chpax/paxctl tools.) |
12 |
|
13 |
> The mechanism is not real-time, the changes should be applied before |
14 |
> running. However the settings are preserved. |
15 |
|
16 |
Yes, in the ELF header. I was asking about the possibility of real-time |
17 |
changes to processes in the future of PaX, as I know about this limitation of |
18 |
the current chpax/paxctl tools. |
19 |
|
20 |
Thanks for your assistance, however. |
21 |
|
22 |
On Fri, 15 Feb 2008, atoth@××××××××××.hu wrote: |
23 |
> On Pén, Február 15, 2008 05:14, Geoff Kassel wrote: |
24 |
> > Hmm... I didn't know that you could restore a process fully from a core |
25 |
> > dump - |
26 |
> > hence the question. (My ignorance is showing again :) How interesting. In |
27 |
> > that case, there is no difference between the process image serialisation |
28 |
> > and |
29 |
> > the coredump, so I'm sorry for wasting your time on that hypothetical. |
30 |
> |
31 |
> Called post-mortem analysis. No tricks, just gdb. |
32 |
> |
33 |
> > Is such a real-time removal of protections possible with the way PaX is |
34 |
> > currently implemented? If not, I think it'd be an interesting feature in |
35 |
> > the |
36 |
> > eventuality of such a process suspension feature being developed. |
37 |
> |
38 |
> Please take a look at paxctl (there's an ebuild for it). MPROTECT can be |
39 |
> also fine-tuned on a per-process basis. The mechanism is not real-time, |
40 |
> the changes should be applied before running. However the settings are |
41 |
> preserved. |
42 |
> |
43 |
> Regards, |
44 |
> Dw. |
45 |
> |
46 |
> -- |
47 |
> dr Tóth Attila, Radiológus Szakorvos jelölt, 06-20-825-8057, |
48 |
> 06-30-5962-962 Attila Toth MD, Radiologist in Training, +36-20-825-8057, |
49 |
> +36-30-5962-962 |
50 |
-- |
51 |
gentoo-hardened@l.g.o mailing list |