grsecurity on a sparc64

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by cocobello » Mon Oct 31, 2005 3:44 am

Hello.

As already stated in this forum, patching a 2.6.13-4 kernel on a sparc64 - debian sarge with grsecurity-2.1.7-2.6.13.4-200510192227.patch with the Restrict mprotect() and automatically emulate ELF PLT (NEW) options set to on makes the system go really slow. If I remove Restrict mprotect() everything works fine again.

For the PT_GNU_STACK "problem", chpaxing the apps works fine but execstacking -c the affected libraries is useless (tried on many different libraries).
cocobello
 
Posts: 3
Joined: Mon Oct 31, 2005 3:28 am

Re: grsecurity on a sparc64

Post by PaX Team » Mon Oct 31, 2005 5:59 am

cocobello wrote: As already stated in this forum, patching a 2.6.13-4 kernel on a sparc64 - debian sarge with grsecurity-2.1.7-2.6.13.4-200510192227.patch with the Restrict mprotect() and automatically emulate ELF PLT (NEW) options set to on makes the system go really slow. If I remove Restrict mprotect() everything works fine again.

it doesn't depend on the kernel version but PaX only ;-), and there's only so much we can do about it. there is recent development on the GNU toolchain to fix this in userland however, google for -msecure-plt, it already exists for alpha and powerpc. i don't know if there're plans for other archs as well, but you can ask the developers.

cocobello wrote: For the PT_GNU_STACK "problem", chpaxing the apps works fine but execstacking -c the affected libraries is useless (tried on many different libraries).

execstack is effective only if all libraries that an app uses (and the app itself) are properly marked; if only one of them is missing the mark then ld.so will want to make the stack executable.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
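
The all-or-nothing rule in the reply above (every object an app loads must carry a non-executable PT_GNU_STACK mark) can be audited by reading the ELF program headers directly. This is an added example, not code from the thread or from PaX/grsecurity; the function names and the constructed big-endian ELF64 sample images are assumptions made for illustration.

```python
import struct

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551  # program header type carrying the stack permission mark
PF_X = 0x1                 # "executable" bit in p_flags

def gnu_stack_mark(image: bytes) -> str:
    """Return 'noexec', 'exec' or 'missing' for one ELF image."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = ">" if image[5] == 2 else "<"       # EI_DATA: 2 = big endian (sparc64)
    if image[4] == 2:                         # EI_CLASS: 2 = ELF64
        phoff, = struct.unpack_from(end + "Q", image, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 54)
        flags_at = 4                          # p_flags follows p_type in ELF64
    else:                                     # ELF32
        phoff, = struct.unpack_from(end + "I", image, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 42)
        flags_at = 24                         # p_flags is the 7th word in ELF32
    for i in range(phnum):
        base = phoff + i * phentsize
        p_type, = struct.unpack_from(end + "I", image, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", image, base + flags_at)
            return "exec" if p_flags & PF_X else "noexec"
    return "missing"

def stack_stays_nonexec(images: dict) -> tuple:
    """Apply the rule from the reply: one unmarked object spoils the whole set."""
    marks = {name: gnu_stack_mark(img) for name, img in images.items()}
    offenders = {name: m for name, m in marks.items() if m != "noexec"}
    return (not offenders, offenders)

def fake_elf64_be(phdrs):
    """Constructed input: big-endian ELF64 header plus (p_type, p_flags) entries."""
    ident = b"\x7fELF" + bytes([2, 2, 1]) + bytes(9)
    hdr = ident + struct.pack(">HHIQQQIHHHHHH",
                              3, 43, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return hdr + b"".join(struct.pack(">IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                          for t, f in phdrs)

# Constructed sample set: the app and one library are marked RW, one has no mark.
SAMPLE = {
    "app": fake_elf64_be([(PT_LOAD, 5), (PT_GNU_STACK, 6)]),
    "libgood.so": fake_elf64_be([(PT_LOAD, 5), (PT_GNU_STACK, 6)]),
    "libunmarked.so": fake_elf64_be([(PT_LOAD, 5)]),
}

if __name__ == "__main__":
    print(stack_stays_nonexec(SAMPLE))
```

On a real system the byte strings would come from reading the binary and each library it links against; the offenders list then shows which objects still need marking.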

