HI all,
A very n00b question: when getting a grsecurity patched kernel, are the distro precompiled binaries (Debian in this case) able to run on my kernel ?
Or do i have to grab the source and recompile every package in order to be compatible with the patched kernel ?
Thanks
Binary compatibility
10 posts
• Page 1 of 1
Binary compatibility
by evilangel » Sun Jun 15, 2008 3:29 pm
- evilangel
- Posts: 59
- Joined: Thu May 15, 2008 7:57 pm
Re: Binary compatibility
by cormander » Sun Jun 15, 2008 6:16 pm
evilangel wrote:are the distro precompiled binaries (Debian in this case) able to run on my kernel ?
Yes.
The only time you might have to recompile something is if you were using a debian system with an old 2.4.x kernel and wanted to use a 2.6.x grsecurity kernel, or vice-versa.
- cormander
- Posts: 154
- Joined: Tue Jan 29, 2008 12:51 pm
Re: Binary compatibility
by evilangel » Mon Jun 16, 2008 1:56 pm
Just to be sure:
On a blank HDD, I can install my system as usually, and when it is over, i can subsitute the distro kernel package with mine and reboot ?
Thanks
On a blank HDD, I can install my system as usually, and when it is over, i can subsitute the distro kernel package with mine and reboot ?
Thanks
- evilangel
- Posts: 59
- Joined: Thu May 15, 2008 7:57 pm
Re: Binary compatibility
by PaX Team » Wed Jun 18, 2008 6:56 am
depending in which PaX features you enable, you can run into troubles with text relocations in libraries and GNU_STACK markings. check the forum, it was discussed a few times.evilangel wrote:A very n00b question: when getting a grsecurity patched kernel, are the distro precompiled binaries (Debian in this case) able to run on my kernel ?
recompiling won't help text relocations but it may help the lack of GNU_STACK markings, depends on the toolchain.Or do i have to grab the source and recompile every package in order to be compatible with the patched kernel ?
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
Re: Binary compatibility
by evilangel » Wed Jul 23, 2008 5:07 am
So GCC hardening (PIE, StackGuard, read-only of parts of ELF...) comes in addition to the kernel patch ?
I read that you need to compile with GCC PIE flag to fully enable ASLR.
Thanks
I read that you need to compile with GCC PIE flag to fully enable ASLR.
Thanks
- evilangel
- Posts: 59
- Joined: Thu May 15, 2008 7:57 pm
Re: Binary compatibility
by PaX Team » Wed Jul 23, 2008 8:30 am
yes, except for PIE, they're all independent changes in userland.evilangel wrote:So GCC hardening (PIE, StackGuard, read-only of parts of ELF...) comes in addition to the kernel patch ?
ASLR is always enabled once you configure it in the kernel, however the main executable randomization feature doesn't actually kick in until your userland binaries are recompiled/linked as a PIE (ET_DYN ELF files).I read that you need to compile with GCC PIE flag to fully enable ASLR.
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
10 posts
• Page 1 of 1