In article <20150607150930.ga67...@nordend.local.sourire.ch>,
<rhin...@epost.ch> wrote:
>On Sat, Jun 06, 2015 at 02:35:32PM +0000, Christos Zoulas wrote:
>> In article <20150606142015.ga61...@nordend.local.sourire.ch>,
>> <rhin...@epost.ch> wrote:
>> >Hi,
>> > I am quite new to netbsd and I am curious about
>> >the security mechanisms available.
>> >
>> >In the security page "http://www.netbsd.org/support/security/",
>> >I can see that the PaX module is used in the kernel
>> >but without any other information.
>> >
>> >What should be done in order to use (and perhaps configure)
>> >that feature?
>> >
>> >Should the executables be compiled with the "-fpie" option?
>> >
>> >Any comment would be greatly appreciated?
>>
>> $ man 7 sysctl look for pax
>> $ man paxctl
>>
>> To use ASLR effectively you need to build with MKPIE...
>>
>> christos
>Hi,
>
>Thanks a lot for the info and links (which were very useful).
>
>I have set USE_SSP=yes, USE_FORT=yes, MKPIE=yes in the file
>/usr/pkg/etc/mk.conf but without any sign of something
>being changed during the compilation.
>
>Finally I have added "-fpie" and "-fstack-protector-all" to the CFLAGS
>and it seems to have worked.
>
>Where should the variable MKPIE be set (in the kernel/world config file)?
>
>How is it possible to check if a program is running with ASLR? I suppose
>that, by looking at the address space of the program,
>it is possible to see that the base address should change at each execution.
>
>Is that possible and how to do it?
>
>Thanks for your help.
>
>kind regards,
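#include <stdio.h>
#include <stdlib.h>

int array[] = { 0, 1, 2 };

int
main(int argc, char *argv[])
{
	/* %p expects a void *, so cast each pointer explicitly. */
	printf("main %p\n", (void *)main);	/* program text */
	printf("libc %p\n", (void *)printf);	/* shared library text */
	printf("stack %p\n", (void *)argv);	/* initial stack */
	printf("data %p\n", (void *)array);	/* initialized data */
	return 0;
}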
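
An added example, not part of the reply above: a small driver that runs the compiled probe several times and reports, per region, whether the printed address changed between runs. The binary name `./aslr_probe` and the helpers `parse_line` and `varies` are assumptions made for this illustration.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

#define RUNS 5
static const char *regions[] = { "main", "libc", "stack", "data" };
#define NREG (sizeof(regions) / sizeof(regions[0]))

/* Parse one probe line such as "stack 0x7f7fffd8a2c8"; return the
 * index into regions[], or -1 if the line is not in that format. */
int parse_line(const char *line, uintptr_t *addr)
{
    char name[16];
    unsigned long long v;
    if (sscanf(line, "%15s %llx", name, &v) != 2)
        return -1;
    *addr = (uintptr_t)v;
    for (size_t i = 0; i < NREG; i++)
        if (strcmp(name, regions[i]) == 0)
            return (int)i;
    return -1;
}

/* A region counts as randomized if any run differs from the first. */
int varies(const uintptr_t *vals, int n)
{
    for (int i = 1; i < n; i++)
        if (vals[i] != vals[0])
            return 1;
    return 0;
}

int main(int argc, char *argv[])
{
    const char *probe = argc > 1 ? argv[1] : "./aslr_probe"; /* assumed name */
    uintptr_t seen[NREG][RUNS] = { { 0 } }, a;
    char line[128];
    int r;
    for (int run = 0; run < RUNS; run++) {
        FILE *p = popen(probe, "r");
        if (p == NULL) return 1;
        while (fgets(line, sizeof(line), p) != NULL)
            if ((r = parse_line(line, &a)) >= 0)
                seen[r][run] = a;
        if (pclose(p) != 0) return 1;   /* probe missing or failed */
    }
    for (size_t i = 0; i < NREG; i++)
        printf("%-5s %s\n", regions[i], varies(seen[i], RUNS) ? "randomized" : "fixed");
    return 0;
}
```

A non-PIE build loads its text and data at fixed link-time addresses, so `main` and `data` report fixed regardless of the ASLR setting.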