Just something I noticed with Paxtest

Post by GBit » Thu Jul 11, 2013 2:50 am

Running paxtest blackhat I get considerably higher entropy across the board, except for Main Executable Randomization (PIE), where I get 27 bits (whereas vanilla I get 28), and this appears to be consistent after rebooting.

Just wondering if this is an issue/regression (27 bits seems adequate anyways, just curious/thought I'd bring it up).

My config:
http://pastebin.com/X3qzCghY

Again, I don't think it's something major, or that 27 isn't enough. I just thought that this might help out in case a feature is not working as expected.

edit: It may also just be a difference between 3.8 and 3.10. The pax kernel is 3.10, the vanilla is 3.8.x.
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm

Re: Just something I noticed with Paxtest

Post by PaX Team » Sun Jul 14, 2013 6:52 pm

It's due to UDEREF and KERNEXEC, which on amd64 rely on a special implementation detail (per-cpu pgd) that reduces the available userland address space size from 47 to 42 bits, with a corresponding reduction in ASLR entropy as well.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Just something I noticed with Paxtest

Post by GBit » Sun Jul 14, 2013 7:22 pm

Makes sense. Thank you.
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm
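
Added example, not part of the thread and not paxtest's own code: one way to check main executable randomization on a Linux system is to re-execute a PIE binary many times and count the address bits that vary between runs. The function names, the `child` argument and the sample count of 256 are assumptions of this example; build it as PIE (for example with `-fPIE -pie`).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
/* Bits set in the OR of all samples but clear in their AND vary between runs. */
int varying_bits(const unsigned long *addrs, size_t n)
{
    unsigned long all_or = 0, all_and = ~0UL, diff;
    int bits = 0;
    for (size_t i = 0; i < n; i++) {
        all_or |= addrs[i];
        all_and &= addrs[i];
    }
    for (diff = n ? all_or ^ all_and : 0; diff; diff >>= 1)
        bits += (int)(diff & 1);
    return bits;
}

/* Re-execute this binary as a child and read the code address it prints. */
static int sample(unsigned long *out)
{
    char buf[32] = {0};
    int fd[2], ok;
    pid_t pid;
    if (pipe(fd) != 0) return 0;
    if ((pid = fork()) == 0) {
        dup2(fd[1], STDOUT_FILENO);
        execl("/proc/self/exe", "aslr-sample", "child", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    ok = read(fd[0], buf, sizeof buf - 1) > 0;  /* 0 if fork or exec failed */
    close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    *out = strtoul(buf, NULL, 16);
    return ok;
}

int main(int argc, char **argv)
{
    static unsigned long addrs[256];   /* constructed sample count */
    size_t n = 0;
    if (argc > 1 && strcmp(argv[1], "child") == 0)
        return printf("%lx\n", (unsigned long)&varying_bits) < 0;
    for (size_t i = 0; i < sizeof addrs / sizeof *addrs; i++)
        n += (size_t)sample(&addrs[n]);
    printf("%zu samples, %d varying bits\n", n, varying_bits(addrs, n));
    return 0;
}
```

A non-PIE build reports 0 varying bits, and the count is a lower bound that settles once enough samples have been taken.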

