On Jun 7, 5:09pm, rhin...@epost.ch (rhin...@epost.ch) wrote:
-- Subject: Re: Security and PAX
| Hi,
|
| Thanks a lot for the info and links (which were very useful).
|
| I have set USE_SSP=yes, USE_FORT=yes, MKPIE=yes in the file
| /usr/pkg/etc/mk.conf but without any sign of something
| being changed during the compilation.
Yes, packages don't know about this variables (and the package Makefiles).
Perhaps that can be improved.
| Finally I have added "-fpie" and "-fstack-protector-all" to the CFLAGS
| and it seems to have worked.
Yds.
| Where should the variable MKPIE be set (in the kernel/world config file)?
In the kernel it does not make sense. The kernel is loaded in the same place.
But in the userland build putting it in /etc/mk.conf should work.
| How is it possible to check if a program is running with ASLR? I suppose
| that, by looking at the address space of the program,
| it is possible to see that the base address should change at each execution.
|
| Is that possible and how to do it?
I posted a program that does prints addresses and it should print something
different on each run. Here it is again:
#include <stdio.h>
#include <stdlib.h>
int array[] = { 0, 1, 2 };
int
main(int argc, char *argv[])
{
printf("main %p\n", main);
printf("libc %p\n", printf);
printf("stack %p\n", argv);
printf("data %p\n", array);
return 0;
}
christos
