Re: Sabotaged PaXtest (was: Re: Patch 4/6 randomize the stack pointer)

[Ingo Molnar]

* Peter Busser <busser@xxxxxxxxxxxx> wrote:

> > ok the paxtest 0.9.5 I downloaded from a security site (not yours) had
> > this gem in:

> > +               do_mprotect((unsigned long)argv & ~4095U, 4096, PROT_READ|PROT_WRITE|PROT_EXEC);

> > which is clearly there to sabotage any segmentation based approach (eg
> > execshield and openwall etc); it cannot have any other possible use or
> > meaning.

> > the paxtest 0.9.6 that John Moser mailed to this list had this gem in
> > it:

> > +       /* Dummy nested function */
> > +       void dummy(void) {}

> > which is clearly there with the only possible function of sabotaging the
> > automatic PT_GNU_STACK setting by the toolchain (which btw is not fedora
> > specific but happens by all new enough (3.3 or later) gcc compilers on
> > all distros) since that requires an executable stack.
[...]

> No, these things are also in the officially released sources. I put
> them in myself in fact.

*PLONK*

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/