[EMAIL PROTECTED] wrote:
> On 14 Feb 2007 at 17:09, "Tino Müller" wrote:
>
>> #
>> # Non-executable pages
>> #
>> CONFIG_PAX_NOEXEC=y
>
> maybe if you actually enabled any of the non-exec implementations... ;-)
>
Unfortunately I can't, because the config options are gone.
With ACCEPT_KEYWORDS=x86 the kernel version 2.6.18 is installed. Then I find
after running "make menuconfig":
Security options --->
  PaX --->
    [*] Enable various PaX features
    PaX Control --->
      [*] Use ELF program header marking
    Non-executable pages --->
      [*] Enforce non-executable pages
      [*] Paging based non-executable pages
      [*] Segmentation based non-executable pages
          Default non-executable page method (SEGMEXEC) --->
      [*] Emulate trampolines
      [*] Restrict mprotect()
      [*] Disallow ELF text relocations
      [*] Enforce non-executable kernel pages
With ACCEPT_KEYWORDS=~x86 the kernel version 2.6.19-r6 is installed. Then I
find:
Security options --->
  PaX --->
    [*] Enable various PaX features
    PaX Control --->
      [*] Use ELF program header marking
    Non-executable pages --->
      [*] Enforce non-executable pages
With hardened-sources-2.6.19-r6 I can't enable any of the non-exec
implementations.
I tried to enable them by adding the option in the .config file directly, but
that didn't change anything.
When I enable Security Level High within the Grsecurity options, then the
options are like this:
Security options --->
  PaX --->
    [*] Enable various PaX features
    PaX Control --->
      [*] Use ELF program header marking
    Non-executable pages --->
      --- Enforce non-executable pages
      [*] Emulate trampolines
      --- Restrict mprotect()
      [*] Disallow ELF text relocations
  Grsecurity --->
    [*] Grsecurity
    Security Level (High) --->
But a kernel with these settings doesn't boot, because init is prevented from starting.
I'm installing the system once again. This time with ACCEPT_KEYWORDS=x86 and
hardened-sources-2.6.18. I will post the results.
Tino
--
[email protected] mailing list
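
The condition pointed out in the quoted reply (CONFIG_PAX_NOEXEC=y with no non-exec implementation enabled behind it) can be checked directly against a kernel .config. The script below is an added example, not part of the original thread; it assumes the implementations appear under the PaX symbol names CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC, which the post itself does not show.

```shell
#!/bin/sh
# Added example (not from the thread): detect CONFIG_PAX_NOEXEC=y without
# a paging- or segmentation-based implementation enabled behind it.
# Assumption: the implementations are CONFIG_PAX_PAGEEXEC / CONFIG_PAX_SEGMEXEC.

# config_enabled FILE SYMBOL: succeeds only if CONFIG_SYMBOL=y is set in FILE.
# Lines like "# CONFIG_X is not set" do not match.
config_enabled() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# check_pax_noexec FILE: prints a verdict and returns
#   0  NOEXEC enabled with at least one implementation
#   1  NOEXEC enabled but no implementation (nothing is actually enforced)
#   2  NOEXEC not enabled at all
check_pax_noexec() {
    cfg=$1
    if ! config_enabled "$cfg" PAX_NOEXEC; then
        echo "PAX_NOEXEC is not set"
        return 2
    fi
    impl=""
    for sym in PAX_PAGEEXEC PAX_SEGMEXEC; do
        if config_enabled "$cfg" "$sym"; then impl="$impl $sym"; fi
    done
    if [ -z "$impl" ]; then
        echo "PAX_NOEXEC=y but neither PAX_PAGEEXEC nor PAX_SEGMEXEC is enabled"
        return 1
    fi
    echo "PAX_NOEXEC=y, implementations:$impl"
    return 0
}

# demo: runs the check on a constructed .config fragment shaped like the one
# quoted at the top of the thread (NOEXEC set, no implementation).
demo() {
    tmp=$(mktemp) || return 3
    printf '%s\n' 'CONFIG_PAX=y' '#' '# Non-executable pages' '#' \
        'CONFIG_PAX_NOEXEC=y' '# CONFIG_PAX_PAGEEXEC is not set' > "$tmp"
    check_pax_noexec "$tmp"; rc=$?
    rm -f "$tmp"
    return $rc
}

# With an argument, check that file; without one, show the constructed sample.
if [ $# -gt 0 ]; then check_pax_noexec "$1"; exit $?; else demo || true; fi
```

Run it as `sh check.sh /usr/src/linux/.config` (script name and path are placeholders); exit status 1 means the non-exec enforcement option is on but has nothing implementing it.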