
Why PAX_RANDEXEC code is commented

Posted: Thu Jul 21, 2011 8:21 am
by mohitbansal111
Hi,

I just went through a stable patch of grsecurity.
I found that PAX_RANDEXEC (for Randomize ET_EXEC base) is commented out! :x
It is a little surprising to me, as when I went through http://pax.grsecurity.net/docs/randexec.txt it says RANDEXEC is to introduce randomness into the main executable file mapping address. :o
I also found that that addition poses some problems like performance overhead, false alarms, etc. :(

Could anyone please help me figure out the final position for ET_EXEC?

Thanks in advance :D

-Mohit

Re: Why PAX_RANDEXEC code is commented

Posted: Thu Jul 21, 2011 4:23 pm
by PaX Team
RANDEXEC was removed many years ago when its maintenance cost increased way beyond its security value. It had served as a good PoC for how to randomize otherwise non-relocatable code, but for practical purposes everyone should be (and should have been) using PIEs instead.