grsecurity forums

[dabaosod011]

When PaX detects the exploit ,the execution of the program is killed?
So ,who killed it? The Kernel or PaX?

And ,if i don't want it to be killed, What should i do ?
Can the PaX be configured to detect but no kill the execution?

[PaX Team]

When PaX detects the exploit ,the execution of the program is killed?

yes, the app gets a SIGKILL and will never return to userland. also, subject to its ulimit, full core is dumped for later examination.

So ,who killed it? The Kernel or PaX?

uhm, PaX is part of the kernel, so what would you like for an answer? in any case, this SIGKILL logic comes from PaX, not the vanilla kernel.

And ,if i don't want it to be killed, What should i do ?
Can the PaX be configured to detect but no kill the execution?

it's not a configurable option, you have to change the source for this. look at fs/exec.c:pax_report_fault() or its callers. note that changing this logic alone won't make your apps much happier because now they'll get a SIGSEGV instead. is there any reason you want to do this at all?