grsecurity forums

Posted: **Wed May 11, 2005 5:15 pm**

IF you had a box that you needed to use more than 1.5GB, could you just use PAGEEXEC instead? I realize the methods are totally different, but is the final result essentially the same with regard to protecting the stack? (The current vulnerability not withstanding).

Oh, and thank you to both Brad and the PaX team for both the grsec and pax code!

Posted: **Wed May 11, 2005 7:44 pm**

linuxuser wrote:IF you had a box that you needed to use more than 1.5GB, could you just use PAGEEXEC instead?

depends on what that 1.5GB means for you. if you meant virtual address space then you just disable SEGMEXEC on the given app and use PAGEEXEC (or nothing). if you mean physical RAM then it's irrelevant, the SEGMEXEC (or any) address space limit has nothing to do with it, you can stuff as much RAM (and swap) into your box as you like.

I realize the methods are totally different, but is the final result essentially the same with regard to protecting the stack? (The current vulnerability not withstanding).

PaX is not a stack protection, it's a control mechanism for runtime code generation, the stack is just a small piece of the parcel. and yes, both non-exec approaches give you the same behaviour.

Posted: **Wed May 11, 2005 8:09 pm**

OK, so I understand, does that mean the app can only use 1.5GB of RAM with SEGMEXEC?

Posted: **Wed May 11, 2005 11:35 pm**

PaX Team wrote:if you mean physical RAM then it's irrelevant, the SEGMEXEC (or any) address space limit has nothing to do with it

Posted: **Thu May 12, 2005 8:20 am**

No, I mean what I asked, what exactly does the limitation mean? I firmly grasp the concept of virtual RAM, so what is the limitation effecting? The maximum amount of virtual memory a single application can use? (i.e. 1.5 GB)

Posted: **Thu May 12, 2005 8:41 am**

linuxuser wrote:No, I mean what I asked, what exactly does the limitation mean? I firmly grasp the concept of virtual RAM, so what is the limitation effecting? The maximum amount of virtual memory a single application can use? (i.e. 1.5 GB)

yes, instead of 3GB you get 1.5GB of virtual address space per process. how much of that you can actually populate depends on the amount of RAM + swap.

Posted: **Thu May 12, 2005 8:47 am**

Thanks for the clarification. So its not a limitation really at all. The only applications that are that much of a hog are Oracle. (and really, do you *need* Oracle? Come on, with postgres and mysql these days?)

So, clearly, not an issue. :-)

grsecurity forums

Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC?)

Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC?)

Re: Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC

thanks for the clarification

Re: Question about SEGMEXEC and the 1.5GB limit (use PAGEXEC

Not physical RAM

Re: Not physical RAM

Ok, so not a big deal