Re: Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer)

[John Richard Moser <nigelenki@comcast.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Roman Zippel wrote:
> Hi,
> 
> On Thu, 3 Feb 2005, Peter Busser wrote:
> 
> 
>>- What happens when you run existing commercial applications which have not 
>>been compiled using GCC.
> 
> 
>>From http://pax.grsecurity.net/docs/pax.txt:
> 
>    The goal of the PaX project is to research various defense mechanisms
>    against the exploitation of software bugs that give an attacker arbitrary
>    read/write access to the attacked task's address space. 
> 
> Could you please explain how PaX makes such applications secure?
> 

I wrote an easy-to-chew article[1] about PaX on Wikipedia, although
looking back at it I think there may be some erratta in the ASLR
concept; I think the mmap() base is randomized, but I'm not sure now if
the actual base of each mmap() call is individually randomized as shown
in my diagrams.  I'm also no longer sure where I got the notion that the
heap/.bss/data segments are the same entity, and I'll have to check on that.

Nevertheless, it's basically accurate, in the same way that saying you
have a gameboy advance SP when you just have a gameboy advance is
basically accurate.

[1] http://en.wikipedia.org/wiki/PaX

> bye, Roman
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCB7PlhDd4aOud5P8RAr+pAKCCcbqLuG7OQzZlJrd5UdsA3NooUgCePXnp
D+xS98fWm9MVEBZpB+pIrTY=
=r+20
-----END PGP SIGNATURE-----