On 23.01.2014 at 13:31, Marko Randjelovic <[email protected]> wrote:
> On Wed, 22 Jan 2014 16:16:21 -0800
> Andrew Merenbach <[email protected]> wrote:
>
>> I installed the i386 architecture and installed the `paxtest' suite. My
>> results were fairly disappointing, to be honest:
>
>>> $ sudo paxtest blackhat
>>> Executable anonymous mapping (mprotect) : Vulnerable
>>> Executable bss (mprotect) : Vulnerable
>>> Executable data (mprotect) : Vulnerable
>>> Executable heap (mprotect) : Vulnerable
>>> Executable stack (mprotect) : Vulnerable
>>> Executable shared library bss (mprotect) : Vulnerable
>>> Executable shared library data (mprotect): Vulnerable
>>> Writable text segments : Vulnerable
>
> It's a good idea to configure the kernel (grsec options) before
> recompiling. Probably MPROTECT feature is not enabled in kernel, or your
> CPU doesn't have NX bit feature.
>
>> A followup there links to the following bug, "linux-2.6: [RFC] Add a grsec
>> featureset to Debian kernels":
>>
>> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090>
>
> This would of course be the real solution.

I would also like this.
Yesterday I started compiling 3.2.54 with grsec and PaX.
A ready debian kernel(-source) with grsec and PaX would be fine.

Currently I am distributing my special packages via my own repository - is there any concern when making it public (copyright, etc.)?

>
> --
> Education is a process of making people see what is advanced and not
> obvious, but also not see what is basic and obvious.
>
> http://markorandjelovic.hopto.org
>
>
> --
> To UNSUBSCRIBE, email to [email protected]
> with a subject of "unsubscribe". Trouble? Contact [email protected]
> Archive: http://lists.debian.org/[email protected]
>

Kevin Olbrich.
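The two causes named in the quoted reply (no NX flag on the CPU, or MPROTECT not enforced by the kernel) can be checked directly. The following is an added example, not part of the thread and not paxtest's own code; the function names `has_cpu_flag` and `wx_transition_allowed` are assumptions made for illustration, and the probe only requests the permission change without executing anything.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Return 1 if `flag` appears as a whole word in a /proc/cpuinfo "flags" line. */
int has_cpu_flag(const char *line, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = line;
    if (n == 0)
        return 0;
    while ((p = strstr(p, flag)) != NULL) {
        int start_ok = (p == line) || p[-1] == ' ' || p[-1] == '\t' || p[-1] == ':';
        int end_ok = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (start_ok && end_ok)
            return 1;
        p += n;
    }
    return 0;
}

/* Map a writable anonymous page, then ask the kernel to turn it executable.
 * Returns 1 if the kernel allowed the change, 0 if it refused (the outcome
 * expected when PaX MPROTECT is enforced), -1 if the page could not be mapped. */
int wx_transition_allowed(void)
{
    size_t len = 4096;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0, len);                       /* the page was really written to */
    int allowed = (mprotect(p, len, PROT_READ | PROT_EXEC) == 0);
    munmap(p, len);
    return allowed;
}

int main(void)
{
    char line[4096];
    int nx = 0, r;
    FILE *f = fopen("/proc/cpuinfo", "r");
    if (f) {
        while (!nx && fgets(line, sizeof line, f))
            nx = strncmp(line, "flags", 5) == 0 && has_cpu_flag(line, "nx");
        fclose(f);
    }
    printf("CPU NX flag: %s\n", nx ? "present" : "not found");
    r = wx_transition_allowed();
    printf("writable -> executable via mprotect: %s\n",
           r == 1 ? "allowed" : r == 0 ? "denied" : "probe failed");
    return 0;
}
```

If the NX flag is present and the transition is still allowed, the kernel-side restriction is the missing piece rather than the hardware.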

