grsecurity forums


https://forums.grsecurity.net./

proactive security ?

https://forums.grsecurity.net./viewtopic.php?f=3&t=1451

Page 1 of 1

proactive security ?

PostPosted: Fri Apr 07, 2006 7:31 am
by pumpkins
Hi Guys!

I'l have a question: anyone try to use
GrSec/PaX/SSP/ExecShield/PIE protection?
is this possible? can be any problems with whis (kernel build,
package compiling and using etc)?

PostPosted: Fri Apr 07, 2006 7:27 pm
by JLO
Alright, I'm kinda glad you brought that up. I'm wanting to remove pax from the grsecurity patch (I would like to keep the other features), and try this patch out on a 2.4.32 kernel:
http://aslp.kavefish.net/

Re: proactive security ?

PostPosted: Tue Apr 11, 2006 8:00 am
by tosh
pumpkins wrote:I'l have a question: anyone try to use
GrSec/PaX/SSP/ExecShield/PIE protection?
is this possible? can be any problems with whis (kernel build,
package compiling and using etc)?


I am using GrSec/PaX/SSP/PIE.
ExecShield is similar to PaX so mixing both may not work or even dosn't make sense.

To get randomization of executables in kernel 2.6 you should use PIE if i am correct PaX don't do that in 2.6 kernels any more (kernel does it by itself).

SSP helps preventing return to glibc atacks which GrSec/PaX cannot stop so it is a good fulfit.
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/