IBM stack protector

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

IBM stack protector

Postby flamingice » Sun Dec 15, 2002 12:13 pm

Does the stack randomization features of grsecurity screw with IBM's stack protector? (probably a stupid question, but I'd like to know)
flamingice
 
Posts: 3
Joined: Tue Jun 25, 2002 7:07 pm

Re: IBM stack protector

Postby PaX Team » Sun Dec 15, 2002 1:17 pm

flamingice wrote:Does the stack randomization features of grsecurity screw with IBM's stack protector? (probably a stupid question, but I'd like to know)
they should not (i don't see what feature of propolice would need knowledge of absolute addresses). in fact, now that OpenBSD has included propolice and they also have stack randomization, you can be fairly sure it works fine.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby spender » Sun Dec 15, 2002 7:29 pm

I've compiled several of my apps with propolice, and have had no problems with it and PaX.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Postby flamingice » Sun Dec 15, 2002 8:15 pm

I know they work together, I just wasn't sure that propolice would be effective with stack randomization on. (since propolice needs to put stuff in certain places, blah blah, don't know much about this stuff)
flamingice
 
Posts: 3
Joined: Tue Jun 25, 2002 7:07 pm

Postby PaX Team » Mon Dec 16, 2002 8:31 am

flamingice wrote:I know they work together, I just wasn't sure that propolice would be effective with stack randomization on. (since propolice needs to put stuff in certain places, blah blah, don't know much about this stuff)
what propolice does to the stack is that it reorganizes its layout (that is, each function's stack frame), this does not rely on absolute addresses therefore the global stack randomization (think of it as shifting, something that you would also get if you defined an environment variable of a random length for every task) that PaX does won't interfere with it.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm


Return to grsecurity support

cron