Re: Security and PAX

2015-06-19 Thread rhino64
On Tue, Jun 16, 2015 at 02:41:45PM -0400, Christos Zoulas wrote: > On Jun 16, 7:54pm, rhin...@epost.ch (rhin...@epost.ch) wrote: > -- Subject: Re: Security and PAX > > | Hoewever, I get a new error message when I try to do manually > | the link command: > | >

Re: Security and PAX

2015-06-16 Thread rhino64
On Mon, Jun 15, 2015 at 09:59:34AM -0400, Christos Zoulas wrote: > On Jun 15, 9:15am, rhin...@epost.ch (rhin...@epost.ch) wrote: > -- Subject: Re: Security and PAX > > | I will send you this info soon. Should I recompile Userland programs and > libs > | with the parameter "-fpic". If I remembe

Re: Security and PAX

2015-06-15 Thread rhino64
On Sun, Jun 14, 2015 at 12:57:44PM -0400, Christos Zoulas wrote: > On Jun 14, 6:39pm, rhin...@epost.ch (rhin...@epost.ch) wrote: > -- Subject: Re: Security and PAX > > | Hi, > | > | finally I have tried to use these parameters to compile pseudo statically a > | big program (zsh) but without too

Re: Security and PAX

2015-06-14 Thread rhino64
, NetBSD provides a tool, paxctl(8), to enable _P_a_X _A_S_L_R on a per-program basis. kind regards, rhino64 On Sun, Jun 07, 2015 at 06:59:31PM +, Christos Zoulas wrote: > > Yes, but... > > $ cc -static -Wl,-I/libexec/ld.elf_so -fpie -Wl,-pie pie.c -lc_pic > >

Re: Security and PAX

2015-06-07 Thread rhino64
On Sun, Jun 07, 2015 at 04:14:20PM +, Christos Zoulas wrote: > 1,2,3,4 pie... > > $ cc -fpie -Wl,-pie pie.c > $ paxctl +A ./a.out > # sysctl -w security.pax.aslr.enable=1 > $ ./a.out > > christos Yes with your command ("cc -fpie -Wl,-pie pie.c"), it works. However, when compiled statically

Re: Security and PAX

2015-06-07 Thread rhino64
Hi, I have just tested your program and only the address of the stack seems to be different. Do I have missed someting? --Log of my tests-- Script started on Sun Jun 7 18:06:49 2015 virtualisation# gcat testASLR.c #include

Re: Security and PAX

2015-06-07 Thread rhino64
to have worked. Where should the variable MKPIE be set (in the kernel/world config file)? How is it possible to check if a program is running with ASLR? I suppose that, by looking at the address space of the program, it is possible to see that the base address should change at each execution. Is that possible and how to do it? Thanks for your help. kind regards, rhino64

NPF pf difference

2015-06-06 Thread rhino64
I have not seen any mention of equivalent functions in NPF. For what reason does one choose NPF over PF (or PF over NPF)? Any idea would be greatly appreciated. Thank for your help, Kind regards, rhino64

Security and PAX

2015-06-06 Thread rhino64
nd perhaps configure) that feature? Sould the executables being compiled with the "-fpie" option? Any comment would be greatly appreciated? kind regards, rhino64