-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I have completed an in-house test of a PaX demonstration. The demo includes the PaX patch; a patch I made to suppliment PaX with boot-time selection of NX mode; a script `pax-flags` to mark binaries with chpax/paxctl and execstack (to turn the executable stack bit, PT_GNU_STACK, off); and a configuration script for pax-flags.
The process I followed was a three-phase process which involved 1) running an unadultered Debian base on a non-PaX-patched 2.6.7 kernel (kernel-sources-2.6.7-1); 2) Switching to a PaX-patched version and demonstrating breakage, then demonstrating how flagging effectively works around (and thus mutes) the incompatibilities; and 3) returning to the same kernel used in (1) and running the marked binaries to show that they are unaffected.
A full explaination is in the file:
http://pax.wooyd.org/pax.txt
The directory listing of
http://pax.wooyd.org/
contains the patches used; the logs of the three-phase test (large amounts of output, you really have to search for my input prompts); the pax-flags script (an ugly script at that); and a pax.conf for pax-flags on x86.
It is interesting to note that I messed up in the middle of phase 2, and had to actually track down what was triggering wine; I was pretty sure already, but wanted to test out just -m on it anyway, so took the chance. This process took less than two minutes for me to complete.
Wine is a special case, and needs the -x flag because of the preloader. ~ This was not tracked down during the above noted flagging miss; I added that at the end when I remembered the docs I read about the preloader.
- -- All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitely stated.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBDBmzhDd4aOud5P8RAkhtAJ9mNrKbN9pVCkEjVv1twt2zUCEpUQCeJCwl gOBAYzaOtae7+WnIdrMKkVQ= =OXR6 -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]