grsecurity forums

Skip to content

Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC?)

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC?)

Postby linuxuser » Wed May 11, 2005 5:15 pm

IF you had a box that you needed to use more than 1.5GB, could you just use PAGEEXEC instead? I realize the methods are totally different, but is the final result essentially the same with regard to protecting the stack? (The current vulnerability not withstanding).

Oh, and thank you to both Brad and the PaX team for both the grsec and pax code!
linuxuser
 
Posts: 16
Joined: Wed May 11, 2005 4:59 pm
Top

Re: Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC

Postby PaX Team » Wed May 11, 2005 7:44 pm

linuxuser wrote:IF you had a box that you needed to use more than 1.5GB, could you just use PAGEEXEC instead?
depends on what that 1.5GB means for you. if you meant virtual address space then you just disable SEGMEXEC on the given app and use PAGEEXEC (or nothing). if you mean physical RAM then it's irrelevant, the SEGMEXEC (or any) address space limit has nothing to do with it, you can stuff as much RAM (and swap) into your box as you like.
I realize the methods are totally different, but is the final result essentially the same with regard to protecting the stack? (The current vulnerability not withstanding).
PaX is not a stack protection, it's a control mechanism for runtime code generation, the stack is just a small piece of the parcel. and yes, both non-exec approaches give you the same behaviour.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

thanks for the clarification

Postby linuxuser » Wed May 11, 2005 8:09 pm

OK, so I understand, does that mean the app can only use 1.5GB of RAM with SEGMEXEC?
linuxuser
 
Posts: 16
Joined: Wed May 11, 2005 4:59 pm
Top

Re: Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC

Postby peritus_ » Wed May 11, 2005 11:35 pm

PaX Team wrote:if you mean physical RAM then it's irrelevant, the SEGMEXEC (or any) address space limit has nothing to do with it
peritus_
 
Posts: 5
Joined: Sat Mar 12, 2005 1:33 pm
Top

Not physical RAM

Postby linuxuser » Thu May 12, 2005 8:20 am

No, I mean what I asked, what exactly does the limitation mean? I firmly grasp the concept of virtual RAM, so what is the limitation effecting? The maximum amount of virtual memory a single application can use? (i.e. 1.5 GB)
linuxuser
 
Posts: 16
Joined: Wed May 11, 2005 4:59 pm
Top

Re: Not physical RAM

Postby PaX Team » Thu May 12, 2005 8:41 am

linuxuser wrote:No, I mean what I asked, what exactly does the limitation mean? I firmly grasp the concept of virtual RAM, so what is the limitation effecting? The maximum amount of virtual memory a single application can use? (i.e. 1.5 GB)
yes, instead of 3GB you get 1.5GB of virtual address space per process. how much of that you can actually populate depends on the amount of RAM + swap.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top

Ok, so not a big deal

Postby linuxuser » Thu May 12, 2005 8:47 am

Thanks for the clarification. So its not a limitation really at all. The only applications that are that much of a hog are Oracle. (and really, do you *need* Oracle? Come on, with postgres and mysql these days?)

So, clearly, not an issue. :-)
linuxuser
 
Posts: 16
Joined: Wed May 11, 2005 4:59 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group