On Wed, 22 Jan 2014 16:16:21 -0800 Andrew Merenbach <[email protected]> wrote:
> I installed the i386 architecture and installed the `paxtest' suite. My > results were fairly disappointing, to be honest: > > $ sudo paxtest blackhat > > Executable anonymous mapping (mprotect) : Vulnerable > > Executable bss (mprotect) : Vulnerable > > Executable data (mprotect) : Vulnerable > > Executable heap (mprotect) : Vulnerable > > Executable stack (mprotect) : Vulnerable > > Executable shared library bss (mprotect) : Vulnerable > > Executable shared library data (mprotect): Vulnerable > > Writable text segments : Vulnerable It's a good idea to configure the kernel (grsec options) before recompiling. Probably MPROTECT feature is not enabled in kernel, or your CPU doesn't have NX bit feature. > A followup there links to the following bug, "linux-2.6: [RFC] Add a grsec > featureset to Debian kernels": > > <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090> This would of course be the real solution. -- Education is a process of making people see what is advanced and not obvious, but also not see what is basic and obvious. http://markorandjelovic.hopto.org -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
