grsecurity forums

Skip to content

Most secure PaX configuration for a binary?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Most secure PaX configuration for a binary?

Postby bugmenot » Sun Jul 20, 2014 5:36 pm

I've been told that enabling EMUTRAMP actually makes PaX security less secure than if it was off. Is that true?

That would mean that -PEMRXS is less secure than -PeMRXS?? And a few of my applications do need -PEmRXS just to work (e.g. browsers).

Note to self:
options:
-p: disable PAGEEXEC -P: enable PAGEEXEC
-e: disable EMUTRAMP -E: enable EMUTRAMP
-m: disable MPROTECT -M: enable MPROTECT
-r: disable RANDMMAP -R: enable RANDMMAP
-x: disable RANDEXEC -X: enable RANDEXEC
-s: disable SEGMEXEC -S: enable SEGMEXEC

Thanks.
bugmenot
 
Posts: 14
Joined: Sat Jun 27, 2009 12:42 am
Top

Re: Most secure PaX configuration for a binary?

Postby PaX Team » Sat Jul 26, 2014 8:38 pm

enabling EMUTRAMP in the kernel config is not really a security issue per se, however enabling it on userland apps may be since it means that certain machine code can be executed from writable (and therefore potentially attacker controllable) memory by virtue of emulation in the kernel. this may or may not help an attacker to exploit the app, it really depends on the situation.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group