PaX Team wrote:nowshining wrote:lol.
thanks - at least others will know. I always thought those two were just incase u wanted to fix issues with mprotect and segexec, etc.. with your utilities on the pax site. Again thanks for adding a fix to the patch for what I went thru so others don't have to go thru it.
others don't go through this because they actually read the kernel .config help
which says among others:
config PAX_EI_PAX
If you have applications not marked by the PT_PAX_FLAGS ELF
program header then you MUST enable this option
otherwise they
will not get any protection.
config PAX_PT_PAX_FLAGS
If you have applications not marked by the PT_PAX_FLAGS ELF
program header then you MUST enable the EI_PAX marking support
otherwise they will not get any protection.
i.e., if you don't enable either, then (as far as PaX is concerned) nothing will get the PaX features enabled. if you use PaX integrated with a MAC system such as grsecurity then you can get away without any marking support but then it's up to you write proper policies that enable PaX features as needed (and as i mentioned above, paxtest doesn't come with such policies so unless you write them, you can't use the results to test your system).
as for read the configs - i didn''t really uderstand it - i read that over and over, but it also says APPLICATIONS not RANDOMIZATION about the heap, etc.. ie: Heap in an operating system is not an application but is apart of the memory right? Also it again it talks about protecting more like mprotect and segexec and marking the utilities for protection from your pax site and if you don't enable it and or them it won't help protect the applications to an extent if you don't mark them. ie: if you use mprotect and segexec but need to mark them with one of ur pax utilities to work, ie: xfree86, wine, etc..
Again i'm not talking about apps here, but Randomization of HEAP, etc.. Alas that's why I didn't enable it 'cause at least right now, i didn't want to go thru all the binaries and marking them with the pax utility, etc.. to get them to play nice of which i'd have to learn what to mark, 'cause I've never don't it before, but my guess is that they would of been in /usr/bin...
So at last so I didn't enable segexec and mprotect and since HEAP is in memory, etc.. and not an APP I decided NOT to enable them. If they are so important to making Pax work, then why the hell in the first place offer them as options?
You could always change the help to say something to effect of - "if you don't enable these the PAX, randomization and all will refuse to work to protect your system" or "these can't be disabed 'cause without them PAX will refuse to work."
recap: As far as I read it again and concerned I didn't need those since I had no intention of using mprotect and segexec, but wanted randomization of the parts of memory offered, along with freeing the page (i think it was page), etc.. So that's why i when i saw mprotect in the paxtest - i knew what they were for and what I disabled so i knew why they said vulnerable, then i asked on this forum - finally it became clear about the others need mprotect, segexec, etc.. so then I knew why they were vulnerable.
Unless i'm of course wrong about heap being apart of the OS memory and it's actually an app. or what heap even is??
