In article <557315f5.6030...@gmx.com>,
Kamil Rytarowski <n...@gmx.com> wrote:
>On 06.06.2015 14:35, Christos Zoulas wrote:
>> In article <20150606142015.ga61...@nordend.local.sourire.ch>,
>> <rhin...@epost.ch> wrote:
>>> Hi,
>>> I am quite new to netbsd and I am curious about
>>> the security mechanisms available.
>>>
>>> In the security page "http://www.netbsd.org/support/security/",
>>> I can see that the PaX module is used in the kernel
>>> but without any other information.
>>>
>>> What should be done in order to use (and perhaps configure)
>>> that feature?
>>>
>>> Should the executables be compiled with the "-fpie" option?
>>>
>>> Any comment would be greatly appreciated.
>>
>> $ man 7 sysctl look for pax
>> $ man paxctl
>>
>> To use ASLR effectively you need to build with MKPIE...
>>
>
>I saw more PAX / NetBSD pieces here
>http://git.edgebsd.org/gitweb/?p=edgebsd-src.git;a=commitdiff;h=add2f1731f9468f3946bf8fea6cc48800c0f2668;hp=ba131ddbc3427f6931d123e93b82a339a879fb78

That just changes the defaults for the sysctls security.pax.aslr.global
and security.pax.mprotect.global... You can put 2 lines in /etc/sysctl.conf
and achieve the same...

christos
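
The two-line /etc/sysctl.conf setup mentioned in the reply above can be audited with a short script. This is an added example, not part of the original thread: the function names and the sample file are constructed, and it assumes that a value of 1 is what turns each knob on.

```shell
#!/bin/sh
# Added example (not from the thread): audit a sysctl.conf-style file for
# the two PaX knobs named above. Assumption: the value 1 enables a knob.

# pax_conf_value FILE KEY -> prints the last value assigned to KEY, or "unset".
# Comments are ignored and the last assignment wins.
pax_conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # strip comments
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)   # trim surrounding blanks
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == key) last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# pax_audit FILE -> prints one status line per knob; returns 0 only if both are 1.
pax_audit() {
    rc=0
    for key in security.pax.aslr.global security.pax.mprotect.global; do
        val=$(pax_conf_value "$1" "$key")
        if [ "$val" = "1" ]; then
            echo "ok   $key=$val"
        else
            echo "FAIL $key=$val (expected 1)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: ASLR is set, the mprotect line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample input
security.pax.aslr.global=1
#security.pax.mprotect.global=1
EOF
pax_audit "$sample" || echo "=> add the missing line(s) to /etc/sysctl.conf"
rm -f "$sample"
```

On a real system, point `pax_audit` at /etc/sysctl.conf and compare the result with the live values reported by `sysctl security.pax`.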