the question: to use gradm or not to use gradm

Posted: Wed Jul 10, 2013 1:34 pm
by Construx
I noticed that after a grsec patch was applied and booted into, but before making any gradm-type changes, the paxtest program showed that many of the vulnerabilities from stack-overflow appeared to have been eliminated. So, some benefit of the patching process occurs without any subsequent administration needed. As I am not sure whether other programs exist for testing the effects of other such immediate benefits, I do not have a good feel for the scope of these changes, but it would appear that one can make some improvement without the need for additional tweaking, so to speak. That may not be the intention or the ideal use of the grsec patching program, but it does seem noteworthy. Is that not so?

Re: the question: to use gradm or not to use gradm

Posted: Wed Jul 10, 2013 2:07 pm
by GBit
Yes, the changes of just the kernel patches are very significant, even without Gradm. But Gradm's purposes are to deal with bugs that PaX/Grsecurity cannot deal with (for example, an attack on Java typically requires no memory corruption), and to reinforce the rest.

You can use PaXTest (I suggest compiling the latest from ~spender) to measure some specific differences.