Elad Efrat wrote: > Christos Zoulas wrote: > > In article <20090106181846.38fec44e.adam.hoka%gmail.com@localhost>, > > Adam Hoka <adam.hoka%gmail.com@localhost> wrote: > >> -=-=-=-=-=- > >> > >> Hi! > >> > >> I made a few runs with paxtest to test our out-of-the-box security > >> functions. > >> The test was made on netbsd-5. There are also some references results. > >> > >> http://www.netbsd.org/~ahoka/benchmarks/paxtest/ > >> > >> I cant really comment on the results, but I hope others will. > >> Also I didnt look why those odd segfaults occur. > >> > > > > You need MKPIE binaries to make ASLR more effective. > > You (=Adam, and others) may find the following mail useful: > > http://mail-index.netbsd.org/tech-security/2005/12/18/0000.html > > If possible, please try running PaXtest with PIE binaries as Christos > suggested, SSP'd binaries (look at their Makefile - it disables it at > least for the OpenBSD target), and on amd64 too. The executable stack > and mprotect tests should present different results... > > Thanks, > > -e. Thanks, I will. For now it was only a ~default install. Do you have any idea about those segfaults in the results? -- When in doubt, use brute force. Adam Hoka <ahoka%NetBSD.org@localhost> Adam Hoka <ahoka%MirBSD.de@localhost> Adam Hoka <adam.hoka%gmail.com@localhost>
Attachment:
pgp4xA8EZ3oIt.pgp
Description: PGP signature