[EMAIL PROTECTED] wrote:
> On 14 Feb 2007 at 17:09, "Tino Müller" wrote:
> 
>> #
>> # Non-executable pages
>> #
>> CONFIG_PAX_NOEXEC=y
> 
> maybe if you actually enabled any of the non-exec implementations... ;-)
> 

Unfortunately I can't, because the config options are gone.

With ACCEPT_KEYWORDS=x86 the kernel version 2.6.18 is installed. Then I find 
after running "make menuconfig":

Security options  --->
PaX  --->
 [*] Enable various PaX features
 PaX Control  --->
  [*] Use ELF program header marking
 Non-executable pages  --->
  [*] Enforce non-executable pages
  [*]   Paging based non-executable pages
  [*]   Segmentation based non-executable pages
         Default non-executable page method (SEGMEXEC)  --->
  [*] Emulate trampolines
  [*] Restrict mprotect()
  [*]   Disallow ELF text relocations
  [*] Enforce non-executable kernel pages

With ACCEPT_KEYWORDS=~x86 the kernel version 2.6.19-r6 is installed. Then I 
find:

Security options  --->
PaX  --->
 [*] Enable various PaX features
 PaX Control  --->
  [*] Use ELF program header marking
 Non-executable pages  --->
  [*] Enforce non-executable pages


With hardened-sources-2.6.19-r6 I can't enable any of the non-exec 
implementations.
I tried to enable them by adding the option in the .config file directly, but 
that didn't change anything.

When I enable Security Level High within the Grsecurity options, then the 
options are like this:

Security options  --->
PaX  --->
 [*] Enable various PaX features
 PaX Control  --->
  [*] Use ELF program header marking
 Non-executable pages  --->
  --- Enforce non-executable pages
  [*] Emulate trampolines
  --- Restrict mprotect()
  [*]   Disallow ELF text relocations
Grsecurity  --->
 [*] Grsecurity
  Security Level (High)  --->

But a kernel with these settings doesn't boot, because init is prevented from starting.


I'm installing the system once again. This time with ACCEPT_KEYWORDS=x86 and 
hardened-sources-2.6.18. I will post the results.

Tino
-- 
[email protected] mailing list