Most secure PaX configuration for a binary?

Posted: Sun Jul 20, 2014 5:36 pm
by bugmenot
I've been told that enabling EMUTRAMP actually makes PaX security less secure than if it was off. Is that true?

That would mean that -PEMRXS is less secure than -PeMRXS?? And a few of my applications do need -PEmRXS just to work (e.g. browsers).

Note to self:
options:
-p: disable PAGEEXEC -P: enable PAGEEXEC
-e: disable EMUTRAMP -E: enable EMUTRAMP
-m: disable MPROTECT -M: enable MPROTECT
-r: disable RANDMMAP -R: enable RANDMMAP
-x: disable RANDEXEC -X: enable RANDEXEC
-s: disable SEGMEXEC -S: enable SEGMEXEC

Thanks.

Re: Most secure PaX configuration for a binary?

Posted: Sat Jul 26, 2014 8:38 pm
by PaX Team
enabling EMUTRAMP in the kernel config is not really a security issue per se, however enabling it on userland apps may be since it means that certain machine code can be executed from writable (and therefore potentially attacker controllable) memory by virtue of emulation in the kernel. this may or may not help an attacker to exploit the app, it really depends on the situation.
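
An added example, not posted by anyone in the thread: a small helper that parses flag strings written with the letters from the option legend in the first post, shows which features differ between two strings, and lists the settings the reply above suggests reviewing. The function names (`parse_flags`, `diff_flags`, `review`) are hypothetical and the code only reads strings; it does not touch any binary.

```python
# Flag letters from the option legend in the first post:
# lowercase disables a feature, uppercase enables it.
FEATURES = {"p": "PAGEEXEC", "e": "EMUTRAMP", "m": "MPROTECT",
            "r": "RANDMMAP", "x": "RANDEXEC", "s": "SEGMEXEC"}

def parse_flags(flags):
    """Parse a string such as '-PEmRXS' into {feature: enabled}."""
    state = {}
    for ch in flags.lstrip("-"):
        name = FEATURES.get(ch.lower())
        if name is None:
            raise ValueError(f"unknown flag letter {ch!r}")
        enabled = ch.isupper()
        # Reject strings such as '-Ee' that set one feature both ways.
        if state.get(name, enabled) != enabled:
            raise ValueError(f"{name} is both enabled and disabled")
        state[name] = enabled
    return state

def diff_flags(a, b):
    """Return {feature: (state_in_a, state_in_b)} for features that differ."""
    pa, pb = parse_flags(a), parse_flags(b)
    return {n: (pa.get(n), pb.get(n))
            for n in FEATURES.values() if pa.get(n) != pb.get(n)}

def review(flags):
    """List the settings in a flag string that deserve a second look."""
    state = parse_flags(flags)
    notes = []
    if state.get("EMUTRAMP"):
        # Wording follows the PaX Team reply in this thread.
        notes.append("EMUTRAMP enabled: certain machine code can be "
                     "executed from writable memory via kernel emulation")
    for name in FEATURES.values():
        if name != "EMUTRAMP" and state.get(name) is False:
            notes.append(f"{name} disabled")
    return notes

if __name__ == "__main__":
    # The two strings compared in the question, then the browser case.
    print(diff_flags("-PEMRXS", "-PeMRXS"))
    for line in review("-PEmRXS"):
        print(line)
```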